The new Samsung Galaxy S5 has a fingerprint scanner that can be used to authorize PayPal payments. Less than four days after it was officially available, a security research firm has found a way to hack it. Interestingly, the firm was using the same method that fooled the first fingerprint sensor to be found on smartphone, which is Apple’s Touch ID on the iPhone 5s.
Germany’s SRLabs managed to fool the Galaxy S5 fingerprint sensor using prints left on the glass surface of an iPhone 4S, process it into a mold and then swiping it to authenticate PayPal purchases. Oddly enough, SRLabs used the same wood-glue mold that the firm used to fool the Touch ID scanner. If you recall seven months back, the Chaos Computer Club (CCC) only needed to snap a high-resolution image of a fingerprint from a drinking glass and processed that to fool Touch ID.
Given that fingerprint scanners were touted to be the next level in device security, these hacking methods indicate that it can indeed be even easier to gain access to sensitive data on your smartphone that’s protected by a fingerprint scanner than one with a conventional PIN or password. In the case of the Galaxy S5, it’s even scarier to think that the you can “secure” PayPal payments on mobile with just a swipe of a fake fingerprint. Not only that, the system even allows for multiple attempts to swipe if the first is unsuccessful, making it easier for determined hackers.