Skip to main content

fingerprint sensor hacked

By

The Samsung Galaxy S5’s fingerprint sensor hacked


English: Samsung Logo Suomi: Samsungin logo
English: Samsung Logo Suomi: Samsungin logo (Photo credit: Wikipedia)

THE Samsung Galaxy S5’s fingerprint sensor has a loophole that can leave a user’s phone -- and the PayPal money app -- vulnerable to hackers, researchers say.

The exploit, demonstrated in a YouTube video , bypasses the Galaxy S5’s fingerprint lock using a fake fingerprint made from wood glue.

In an interview with the Journal, PayPal’s head of ecosystem security, Brett McDowell, said that the hack is real, and known, but it’s nothing that should alarm the public.

“We don’t have any reason to question the authenticity of the demonstration,” Mr McDowell said. “This is a known challenge to fingerprint-sensing technology, and these are some of the top researchers in the world. But this is not a scalable exploit. It’s not something most people should worry about.”

The video by Berlin, Germany-based Security Research Labs shows the mould of a fingerprint being used to trick a Galaxy S5’s fingerprint sensor into unlocking the phone. SRLabs says in the video that it made its fake fingerprint (or “wood glue spoof”) by taking a camera phone photo of a fingerprint left on the phone’s display. The video was reported earlier by Ars Technica.
Samsung Galaxy S5
Samsung Galaxy S5 (Photo credit: Janitors)

“Not only is it possible to spoof the fingerprint authentication, even after the device has been turned off, but the implementation also allows for seemingly unlimited authentication attempts without ever requiring a password,” says the narrator in the SRLabs video.

PayPal is among the apps that can make use of Samsung’s fingerprint sensor in place of a password, and in the video researchers use the fingerprint spoof to log into PayPal and transfer money to an outside account.

Mr McDowell said that PayPal believes the security and convenience of using a fingerprint sensor outweighs the possibility that a hacker steals both a person’s phone and a pristine fingerprint, and also have the time and resources to make a copy of a fingerprint before that user calls PayPal customer service to disconnect their account from the lost or stolen phone.

“This is not something you can do on any number of devices,” Mr McDowell said. “This is not like a massive phishing scam where you can get millions of passwords quickly. This is limited to one device, one victim at a time.”

Apple’s iPhone 5S also has a fingerprint reader, one that has been hacked in a similar fashion, but it is not used to authenticate third-party financial transactions, only Apple’s own iTunes store.

Samsung and SRLabs have not yet replied to requests for comment.

Related articles

Enhanced by Zemanta
Labels:

Comments

Post a Comment

Popular posts from this blog

Google Pixel, Pixel XL pre-orders open: Here are the unique features

By
Google Pixel, Pixel XL pre-orders open: Here are the unique features Google  Pixel and Pixel XL smartphones are available on Flipkart for pre-order. And it looks like Google is only bringing the ‘Quite Black’ colour variant to India for now, with ‘Very Silver’ and ‘Really Blue’ both not available in India yet. Google Pixel and Pixel XL with their premium pricing are set to compete with the likes of Apple iPhone 7, iPhone 7 Plus,  Samsung Galaxy S7  and Galaxy S7 edge. Google Pixel and Pixel XL are first ‘Made by Google’ smartphones, and come with Google Assistant in-built, which is also the highlight of the devices. Honor 8 First Look Video Google Pixel and Pixel XL have a aluminum and glass design. Google Pixel is priced at Rs 57,000 for 32GB version in India. The 128GB variant of Google Pixel costs Rs 66,000. Google Pixel XL is available at Rs 67,000 for 32GB storage variant and Rs 76,000 for
Post a Comment
Read more

How To Solve The Rubik's Cube

By
How To Solve The Rubik's Cube easily Rubik's Cube Français : Rubik's Cube Bahasa Melayu: Kiub Rubik Română: Cubul Rubik Русский: Кубик Рубика Tiếng Việt: Lập phương Rubik Italiano: Cubo di Rubik (Photo credit: Wikipedia ) some may think it is impossible to solve, even  Erno Rubik didn't think there was a combination to there are 43,000,000,000,000,000,000 (that is 43 quintillion ) possible combinations . So how can you solve the cube without memorizing 43 quintillion different combinations? there are things called algorithms that are based on mathematical equations that get pieces to places without messing up the whole cube.    Some of you may be wondering why i wanted to learn to solve the Rubik's cube , well I am very big into math and I am Very good at memorizing things in fact I have an IQ of 120 but you don't need a high iq to learn how to solve the Rubik's cube . I learn this method last Christmas when I was bored on Christmas break an
Post a Comment
Read more

MS Dhoni’s return catch was big moment in the match: Kane Williamson

By
MS Dhoni’s return catch was big moment in the match: Kane Williamson New Zealand skipper Kane Williamson lauded his bowlers for drying up the runs during India’s chase in the second ODI here, terming Mahendra Singh Dhoni’s brilliant return catch by Tim Southee as a “big moment” in the match. When asked about how the bowlers and fielders responded while defending a low total, Williamson said: “Someone like MS Dhoni, he can finish matches when he is allowed to play his shots. He is the best in the world. That catch was big for us.” Williamson was happy with the manner his bowlers responded on a tricky surface and also gave an insight to how some adjustments led to the Indian skipper playing 37 dot balls. “On this kind of a surface (Kotla), scrapping was important. You needed to put the ball in areas where it’s tough to get away and try and build that pressure. It was an extremely good effort considering that the ball was damp due to dew factor.” Dhoni was cleverly
Post a Comment
Read more