Despite being one of the most talked-about features on the phone, the Samsung Galaxy S5’s fingerprint scanner has been hacked after just 4 days on sale.
These days, almost everything is digital. Your medical records, your taxes and likely a rundown of everything you’ve ordered online in the past 6 months (thank you Amazon!): it’s all there, in the cloud, stored on a server ready to be delivered to your screens as and when you need it. After you’ve put in an alphanumerical password, that is. It almost seems too simplistic, doesn’t it? All of this information about us, sensitive and mundane data stored in equal measure, can be accessed with a few taps on a keyboard, and that seems especially simplistic given that the strength of these passwords is on shaky ground right now (Heartbleed, anyone?). But with biological passwords such as fingerprint unlocks being available, it’s concerning that the Samsung Galaxy S5’s fingerprint scanner has just been hacked in impressive time.
The ‘hackers’ responsible for this are actually an elite team of security specialists from the German security firm SRLabs, so they certainly know their way around a lockscreen or two. Hoping to test out the device’s much-touted fingerprint scanner, they gathered several resources, including a Samsung Galaxy S5, another smartphone with a camera (used for taking photos), some lab equipment and just over $250 worth of materials. To conduct the experiment, they first had someone use the Samsung Galaxy S5’s fingerprint scanner, leaving a visible print on the device (this is key, which I’ll explain in a minute). They then took a photo of the print and used that photo, along with the lab equipment, to create a PCB mould of it. Finally, they swiped the mould on the phone and unlocked it without the finger that the original print came from.
While the fact that it took just 4 days for the Samsung Galaxy S5 fingerprint scanner to be hacked may give more than a fair few a reason to shout that the iPhone 5S’ rival fingerprint scanner is clearly superior, it’s also key to note that it took less time for the scanner on the Apple device to be hacked (less than 48 hours, in fact) than that of Samsung’s flagship device. The security concerns, while real, are also less worrying than is being reported. For one, if the user of the phone had just wiped the fingerprint off the screen, SRLabs’ experiment wouldn’t have worked. In addition, those worried that the hacking of the S5’s fingerprint scanner (which allows you to lock and access PayPal accounts) suddenly means that their money is in jeopardy needn’t be so concerned. A statement released by PayPal explained that “The scan unlocks a secure cryptographic key that serves as a password replacement for the phone. We can simply deactivate the key from a lost or stolen device, and you can create a new one.” PayPal also pointed out that all transactions are covered by its buyer protection policy, so if all else fails, you can just cancel whatever payment the hacker has made and all will be relatively well.
We’ll keep you posted once we know more.