Samsung Galaxy S5 Fingerprint Scanner Has Been Hacked; PayPal Accounts at Risk

Discussion in 'Android News' started by dgstorm, Apr 15, 2014.

  1. dgstorm

    dgstorm Editor in Chief
    Staff Member Premium Member

    Joined:
    Dec 30, 2010
    Messages:
    11,016
    Likes Received:
    3,979
    Trophy Points:
    823
    Location:
    Austin, TX
    Ratings:
    +4,254

    Unfortunately, sometimes cool new tech opens up the possibility of "not-so-cool" security vulnerabilities. The newest example of this is the Fingerprint Scanner on the Samsung Galaxy S5. Apparently it has already been hacked and no leaves PayPal accounts at risk until the security bug can be rectified.

    The hack in question is a "physical hack" and would require a would-be thief to have a copy of your existing fingerprints, which doesn't make it all that easy to exploit. Despite this it is something that Samsung needs to address. Here's a quote with the details on how the hack works,

    To be clear, this is the same fingerprint exploit that was found on the Apple iPhone 5S, but there is a difference that makes it more dangerous on the Galaxy S5. With Apple’s Touch ID system, you are required to input your password once before using a fingerprint for authentication, but it must be entered again each time the device is rebooted. Unfortunately, with Samsung's implementation, no password is needed. Here's another quote with the problem,

    Check out the video above for a demonstration of the issue.

    Source: BGR
     
  2. johnomaz

    johnomaz Silver Member

    Joined:
    Jul 12, 2010
    Messages:
    3,181
    Likes Received:
    633
    Trophy Points:
    178
    Location:
    Central Valley, California
    Ratings:
    +771
    Current Phone Model:
    Google Pixel 2XL
    Welcome to literally EVERY fingerprint scanner out there. Watch Mythbusters. They even show that a photo copied fingerprint can fool many scanners. This isn't a hack and IMO, not really news. If anything, its a vulnerability in the Paypal app.
     
  3. dgstorm

    dgstorm Editor in Chief
    Staff Member Premium Member

    Joined:
    Dec 30, 2010
    Messages:
    11,016
    Likes Received:
    3,979
    Trophy Points:
    823
    Location:
    Austin, TX
    Ratings:
    +4,254
    Which is still news worth sharing...

    Just because you read about this previously, doesn't mean everyone else has.
     
    #3 dgstorm, Apr 15, 2014
    Last edited: Apr 15, 2014
  4. Dusty

    Dusty Gold Member

    Joined:
    Jan 13, 2010
    Messages:
    1,179
    Likes Received:
    479
    Trophy Points:
    238
    Location:
    DC/NoVA
    Ratings:
    +593
    Current Phone Model:
    Nexus 6
    What!?

    Michael Weston. Pilot episode of Burn Notice.

     
  5. z96Cobra

    z96Cobra Member

    Joined:
    Mar 30, 2010
    Messages:
    296
    Likes Received:
    6
    Trophy Points:
    18
    Ratings:
    +6
    This isn't exactly "cool new tech" either. My HP 5555 (Windows CE PDA) had a fingerprint scanner back in the early 2000's. It was very convenient technology & I'm glad it's coming back!
     
  6. dgstorm

    dgstorm Editor in Chief
    Staff Member Premium Member

    Joined:
    Dec 30, 2010
    Messages:
    11,016
    Likes Received:
    3,979
    Trophy Points:
    823
    Location:
    Austin, TX
    Ratings:
    +4,254
    ^^. Very true. I even made that assertion previously in regards to the iPhone 5S and the Galaxy S5. Fingerprint scanners are really more of a gimmick than a "must have" feature yet. The comment at the beginning of the story was simply hyperbole for artistic flare. ;)
     
  7. Jeffrey

    Jeffrey Premium Member
    Premium Member

    Joined:
    Jan 30, 2012
    Messages:
    6,686
    Likes Received:
    3,548
    Trophy Points:
    1,578
    Location:
    Thailand
    Ratings:
    +4,036
    Current Phone Model:
    iPhone 7 Plus JB
    If anyone knows about fingerprint vulnerabilities it's companies like Sammy, Apple and Paypal. IMO, they are so rushed to bring product to market they tend to take a few shortcuts.