The fingerprint scanner on Samsung’s flagship Galaxy S5 is suffering from the same security flaw as the fingerprint scanner on the iPhone 5s, creating a bit of a risk for owners.

Germany-based security blog H Security found that, using a wood-glue mold of a fingerprint already set up on the Galaxy S5, someone else could gain unauthorized access to your phone. Given the tie-in between Samsung’s fingerprint scanner and the PayPal app, this means that not only contacts and photos are up for grabs, but mobile payments as well.

H Security used the same mold as it did for the iPhone 5s’ Touch ID, but the Galaxy S5 has more security concerns. The mold was taken from a photo of a fingerprint on a smartphone screen, rather than directly from a person’s finger.

Apple requires users to input their password one time after rebooting their iPhone 5s. The Galaxy S5, however, doesn’t require a password and lets you use your finger – or a spoof, to gain unauthorized access – right off the bat. You don’t even need a password for the PayPal app on the Galaxy S5; once again, just your finger.

“Despite being one of the premium phone’s flagship features, Samsung’s implementation of fingerprint authentication leaves much to be desired,” an SRLabs researcher said in a video on Tuesday. “The finger scanner feature in Samsung’s Galaxy S5 raises additional security concerns to those already voiced about comparable implementations.”

Samsung’s Galaxy S5 has made it into the Fast Online Alliance that works to ensure mobile security, which essentially means Samsung isn’t sending your fingerprint to the cloud, and is instead storing it locally like on the iPhone 5s.

“While we take the findings from Security Research Labs very seriously, we are still confident that fingerprint authentication offers an easier and more secure way to pay on mobile devices than passwords or credit cards,” PayPal said in a statement to BGR on Tuesday. “PayPal never stores or even has access to your actual fingerprint with authentication on the Galaxy S5. The scan unlocks a secure cryptographic key that serves as a password replacement for the phone.”

While it may not sound likely that someone’s going to lift your fingerprint, the fact that there isn’t another safety check on the Galaxy S5 could be a cause for concern.

  • cool

  • jack

    fail

    • hkgsulphate

      that’s a feature

      • duck hairs

        S-fail?

  • so take a picture of the finger, then mold it, and so on and so forth… sounds like that person has to be kidnapped. This scenario might occur, but to how many?
    This isn’t a security flaw to me, just because he is using a molded fingerprint that was processed in a lab.

    Security flaws for me would be:

    1) the person can type a code in and then is granted access to my phone.

    2) A dog is capable of getting in (has been proven) lol

    3) using the emergency+Power Button trick

    Those are flaws to me, not saying their scanner is flawless. Definitely will have bugs.

    • Dallas Groot

      This post (and security flaw) is basically pointing out that it is prone to. It’s a very unlikely situation for this to occur…. But it can happen.

      • Jake Smith (US News Editor)

        As noted in the post

      • Yeah I know, but when he said molded I couldn’t take him seriously. Sounded like an agent lol

    • Eni

      what I just saw there, a shamsung fanboy that tries to justify fails on shamesung

      • No buddy, before this escalates let me just note that, I mostly own Apple products. Not that there is anything wrong with Samsung, I just love jailbreaking.
        Back to you
        I’m just not biased, so call me fanboy if you want.

      • Eni

        go on boy, express yourself

      • umm yeah ok

    • lemonhead

      While this is true, I think it’s just not ready yet for linking it to your PayPal account…
      For me there needs to be a verification which is highly costly to get around, with also some serious tech required, so I can justify such a “flaw” to be acceptable.
      (While linking it to my *bank account*)

    • Julio Cesar

      2) ONLY a dog WITH A REGISTERED PAW is capable of getting in.
      You have to register the paw like a fingerprint.
      Another dog can’t bypass using a wrong paw.

      But why do these sensors accept something like that?
      It’s simple, not everyone has a perfect fingerprint, some people have deformations, warts, etc.
      So how can people like this use it if only perfect fingerprints can be registered? They can’t, and that’s why these sensors accept anything that is organic and has some kind of texture.

      And remember: NOTHING IS MICROSCOPICALLY IDENTICAL, and that’s why you can’t use any finger, paw, part of a body… Only the right part of the right living being properly registered can have access.

      These “hacks” don’t always work, and have to be really well made.

  • Meanwhile in South Korea…
    “When Apple improves their touch sensor, we’ll bring the copy machines to full gear and copy that as well”

    • Guest

      racist

  • Qasim

    They can’t even copy without adding a bit of their pathetic-ness to stuff

  • Shingo

    Shame n Sunk as always…

  • Lagax

    That isn’t really a Security flaw! That’s like you stand behind a person and see his password, enter his password when he’s gone and call that a security flaw…

    …That this technique would work… I could have told you before apple and/or Samsung even thought about implementing a fingerprint sensor/scanner…

  • Laszlo Gaspar

    Basically you’re better off being safe than sorry and using a password.

    • Yeah I only use my scanner when I’m in public, so no one sees me typing in my code.

  • Vijay Panjwani

    Looking at the comments and taking a deep sigh!
    Where were you people saying that this isn’t a security flaw when a similar study was done on the iPhone 5s?
    Everybody was just bashing the 5s so much that this kind of study even came in the news! Why are you guys not raising your voices now!? Were you paid by Samsung to put Apple down? Why are you guys not saying that the sensor on the GS5 sucks? IMO, iPhone 5s has the best scanner on any mobile device to date!

    • Deep sigh as well, no buddy that’s not what’s being said well IMO.
      Yes there were a lot of flaws with 5s scanner, still is (sometimes can’t read my finger even if clean and dry) but I still love it.
      What some of us are saying, is the video above is not really a flaw. That can be done on any finger sensors.
      When the 5s came out there were a bunch of videos showing the different ways to bypass the scanner.
      This is just ONE, there will be more. This definitely doesn’t qualify, but it’s there.

  • Vince Reedy

    I’ll just have to make sure Jack Bauer doesn’t get hold of my phone or else he will run up my app store purchases in his spare time.

  • Sleaka J

    Wow, Samesung really copy EVERYTHING, even the flaws.

  • Jonathan

    Anyone have the wallpaper for the Galaxy in the first photo on the top?

    • Alberto Espinal

      Here

    • Alberto Espinal

      Oops sorry Jonathan that’s not the one!!

      • Jonathan

        No problem, I still like it though! =)
        I can just use the replace color in Photoshop and get the same thing. =P

  • redjazon

    Samsung should c̶o̶p̶y̶ implement password protection after every reboot just like on iPhone 5s for more security in the next update!

  • Batman

    While took so long to hack it.
    Because people/hackers don’t care

  • Alex Akai

    This is inaccurate. There IS a cap on attempts and it prompts you to enter an alternative password.