It took German "researchers" at SRLabs just four days to created a fake fingerprint using wood glue that can bypass the scanner on the brand new Samsung Galaxy S5. which was released last Friday. The iPhone 5S fingerprint scanner was hacked by Chaos Computer Club in only 48 hours using a very similar method.
Unlike the iPhone, the Samsung Galaxy S5 is integrated with PayPal, and the fingerprint scanner is used to authorize transactions and money transfers in the device. So there is a lot more at stake if the scanner is hacked. PayPal issued a statement in regards to the security scare: “PayPal never stores or even has access to your actual fingerprint with authentication on the Galaxy S5. The scan unlocks a secure cryptographic key that serves as a password replacement for the phone. We can simply deactivate the key from a lost or stolen device, and you can create a new one."
Also unlike the iPhone, the Galaxy S5 does not require a regular passcode after a certain number of incorrect fingerprint attempts. The hacker has an unlimited number of attempts to break into the device, and plenty of time to create a fake fingerprint if necessary.
Brett McDowell, head of ecosystem security at PayPal, believes that this hack proves only a very minor threat: “This is not something you can do on any number of devices. This is not like a massive phishing scam where you can get millions of passwords quickly. This is limited to one device, one victim at a time.”
Samsung was careful to add other security features to the newest device in the event that it is stolen and has touted "Find My Mobile" and "Reactivation Lock" among the device's biggest upgrades. Both of these features already exist in the most recent iOS, but then again, so does the fingerprint hack.
This security hack comes just after Apple, Samsung, Huawei, AT&T, T Mobile, Verizon and Sprint came together to create the “Smartphone Anti-Theft Voluntary Commitment”. This measure will ask that all new smartphones after July 2015 come preloaded with an anti-theft tool, commonly known as a "kill switch." There is pending legislation in Congress on a similar kill switch idea, however, with constant security bugs such as the S5 fingerprint hack, mobile providers are taking it upon themselves to prevent theft.
While the hack and security mandate may shake some users, it is unlikely that it will affect S5 sales. The much faster hack of the iPhone 5S certainly did not stop its popularity. Furthermore, Malik Saadi, practice director at ABI Research, believes security is far from a dealbreaker for shoppers: “The majority of consumers aren’t at this stage very aware of smartphone security issues. When they go to buy a new smartphone, it isn’t the first question that comes to their mind.”
This article is from the archive of our partner The Wire.