The fingerprint scanner security feature of the newly launched Samsung Galaxy S5 smartphone can be bypassed with a spoofing hack. The hack was demonstrated by researchers from Germany-based Security Research Labs.
This exploit comes in the wake of a similar one developed by a team of white hackers for the fingerprint sensor of the iPhone 5s. Ars Technica has observed sucg hacks exposed the inherent risk of using biometric security features that promise convenience without the hassle of having to recall passwords or keystrokes.
In an email to Ars Technica, the Germany researchers said that they wished the fingerprint sensor of the Galaxy S5 had provided more challenge. Instead, they chided the engineers for not implementing stricter anti-spoofing measures; in addition, a password challenge feature should have been added, after a number of unsuccessful swipes attempt.
The most pressing concern arising from the Galaxy S5 fingerprint spoofing hack is the ability of the hacker to take over the Paypal account, authenticated with the compromised fingerprint. According to Security Research Labs, their spoofed fingerprint was "crafted by taking a camera-phone photo of an unprocessed latent print smudge left on a smartphone screen." The exploit was carried out using a "wood glue spoof" made from an etched PCB mold. In fact, the exploit was built on the researchers’ prior works done while researching the Apple Touch ID feature.
(Source: Ars Technica)