Galaxy S5 fingerprint scanner may pose security risk, warn researchers


With the launch of the iPhone 5S last year, and the brand new Samsung Galaxy S5 hitting stores this month, fingerprint scanners on smartphones have finally hit the big time. Samsung, especially, is pushing taking the technology by extending it beyond its own ecosystem and making it available to third parties, like how PayPal uses the scanner to authenticate transactions through its mobile app. Despite all the potential, there’s a possible downside to what Samsung’s doing here, as security researchers raise the alarm about a combination of factors threatening to make the GS5’s scanner implementation a lot less secure than it might otherwise be.

For one, the GS5’s scanner is easily fooled by fake prints. As you can see in the video below, a simple mold made from a picture of a fingerprint left on a smartphone’s screen is sufficient to produce a forgery capable of passing the scanner’s tests. This vulnerability is hardly exclusive to the GS5, but it sets the stage for the software problems that really compound its impact.

The next problem is how trusting the GS5 is of a successful fingerprint scan. While the iPhone 5S would also prompt users for a password at least once, the GS5 doesn’t rely on secondary authentication like that. As a result, once someone lifts your print, your phone is fully compromised.

Finally, the researchers here take issue with how forgiving the GS5’s software is – as well as PayPal’s app – when it comes to failed scans. Almost like Samsung’s expecting the fingerprint scanner to be a little unreliable, it never appears to lock users out after multiple failed attempts. As a result, an attacker can keep on trying to get a copied print to work until it finally does.

On the plus side, at least some of these concerns sound very addressable in software, so maybe Samsung will drop an update that allows for a password + fingerprint two-factor option.

Source: SRLabs (YouTube)
Via: BGR

Share This Post
What's your reaction?
Love It
Like It
Want It
Had It
Hated It
About The Author
Stephen Schenck
Stephen has been writing about electronics since 2008, which only serves to frustrate him that he waited so long to combine his love of gadgets and his degree in writing. In his spare time, he collects console and arcade game hardware, is a motorcycle enthusiast, and enjoys trapping blue crabs. Stephen's first mobile device was a 624 MHz Dell Axim X30, which he's convinced is still a viable platform. Stephen longs for a market where phones are sold independently of service, and bandwidth is cheap and plentiful; he's not holding his breath. In the meantime, he devours smartphone news and tries to sort out the juicy bits Read more about Stephen Schenck!