Skip to main content

fingerprint sensor hacked

By

The Samsung Galaxy S5’s fingerprint sensor hacked


English: Samsung Logo Suomi: Samsungin logo
English: Samsung Logo Suomi: Samsungin logo (Photo credit: Wikipedia)

THE Samsung Galaxy S5’s fingerprint sensor has a loophole that can leave a user’s phone -- and the PayPal money app -- vulnerable to hackers, researchers say.

The exploit, demonstrated in a YouTube video , bypasses the Galaxy S5’s fingerprint lock using a fake fingerprint made from wood glue.

In an interview with the Journal, PayPal’s head of ecosystem security, Brett McDowell, said that the hack is real, and known, but it’s nothing that should alarm the public.

“We don’t have any reason to question the authenticity of the demonstration,” Mr McDowell said. “This is a known challenge to fingerprint-sensing technology, and these are some of the top researchers in the world. But this is not a scalable exploit. It’s not something most people should worry about.”

The video by Berlin, Germany-based Security Research Labs shows the mould of a fingerprint being used to trick a Galaxy S5’s fingerprint sensor into unlocking the phone. SRLabs says in the video that it made its fake fingerprint (or “wood glue spoof”) by taking a camera phone photo of a fingerprint left on the phone’s display. The video was reported earlier by Ars Technica.
Samsung Galaxy S5
Samsung Galaxy S5 (Photo credit: Janitors)

“Not only is it possible to spoof the fingerprint authentication, even after the device has been turned off, but the implementation also allows for seemingly unlimited authentication attempts without ever requiring a password,” says the narrator in the SRLabs video.

PayPal is among the apps that can make use of Samsung’s fingerprint sensor in place of a password, and in the video researchers use the fingerprint spoof to log into PayPal and transfer money to an outside account.

Mr McDowell said that PayPal believes the security and convenience of using a fingerprint sensor outweighs the possibility that a hacker steals both a person’s phone and a pristine fingerprint, and also have the time and resources to make a copy of a fingerprint before that user calls PayPal customer service to disconnect their account from the lost or stolen phone.

“This is not something you can do on any number of devices,” Mr McDowell said. “This is not like a massive phishing scam where you can get millions of passwords quickly. This is limited to one device, one victim at a time.”

Apple’s iPhone 5S also has a fingerprint reader, one that has been hacked in a similar fashion, but it is not used to authenticate third-party financial transactions, only Apple’s own iTunes store.

Samsung and SRLabs have not yet replied to requests for comment.

Related articles

Enhanced by Zemanta

Labels

Labels:

Comments

Post a Comment

Popular posts from this blog

Google Pixel, Pixel XL pre-orders open: Here are the unique features

By
Google Pixel, Pixel XL pre-orders open: Here are the unique features Google  Pixel and Pixel XL smartphones are available on Flipkart for pre-order. And it looks like Google is only bringing the ‘Quite Black’ colour variant to India for now, with ‘Very Silver’ and ‘Really Blue’ both not available in India yet. Google Pixel and Pixel XL with their premium pricing are set to compete with the likes of Apple iPhone 7, iPhone 7 Plus,  Samsung Galaxy S7  and Galaxy S7 edge. Google Pixel and Pixel XL are first ‘Made by Google’ smartphones, and come with Google Assistant in-built, which is also the highlight of the devices. Honor 8 First Look Video Google Pixel and Pixel XL have a aluminum and glass design. Google Pixel is priced at Rs 57,000 for 32GB version in India. The 128GB variant of Google Pixel costs Rs 66,000. Google Pixel XL is available at Rs 67,000 for 32GB stor...
Post a Comment
Read more

MS Dhoni’s return catch was big moment in the match: Kane Williamson

By
MS Dhoni’s return catch was big moment in the match: Kane Williamson New Zealand skipper Kane Williamson lauded his bowlers for drying up the runs during India’s chase in the second ODI here, terming Mahendra Singh Dhoni’s brilliant return catch by Tim Southee as a “big moment” in the match. When asked about how the bowlers and fielders responded while defending a low total, Williamson said: “Someone like MS Dhoni, he can finish matches when he is allowed to play his shots. He is the best in the world. That catch was big for us.” Williamson was happy with the manner his bowlers responded on a tricky surface and also gave an insight to how some adjustments led to the Indian skipper playing 37 dot balls. “On this kind of a surface (Kotla), scrapping was important. You needed to put the ball in areas where it’s tough to get away and try and build that pressure. It was an extremely good effort considering that the ball was damp due to dew factor...
Post a Comment
Read more

Mission Impossible – Rogue Nation

By
Mission Impossible – Rogue Nation: Film Review Thanks to a sharp script that springs a real surprise or two and a pace that never slackens, Mission: Impossible – Rogue Nation rates as the second-best of the numerous franchise titles of the summer, after Mad Max: Fury Road. Armed with an absorbing mystery plot that does more than just connect the dots between action set-pieces (the most outlandish of which is dispensed with in a Bond-like opener), writer-director Christopher McQuarrie maintains the uptick in M:I quality established by the last two entries, and should land this entry within the series' customary range of a half-billion bucks worldwide. Working with Tom Cruise for the fifth time (if you include his uncredited rewrite on the last M:I feature, Ghost Protocol), McQuarrie benefits dramatically from extending the IMF team's official ostracization to a point of total disenfranchisement from the American government; in an early scene, the CIA chief (Alec B...
Post a Comment
Read more