Samsung
did not learn from the mistake of Apple. Result: The fingerprint
scanner in its flagship phone Galaxy S5 is as insecure and poorly
implemented as the one in iPhone 5S, which debuted last year. A German
security firm, SRLabs that hacked the fingerprint scanner in iPhone 5S
last year by spoofing fingerprint, has showed that the same method can
be used to bypass the fingerprint authentication in Galaxy S5.
SRLabs posted a video showing that a Galaxy S5 using fingerprint authentication can be easily broken using a mould that has fingerprint impression of the phone user. The firm said that creating the mould doesn't require much effort.
"Despite being one of the flagship features of Galaxy S5, Samsung's implementation of fingerprint authentication leaves much to be desired," the firm said. "Perhaps most concerning is that Samsung does not seem to have learned from what others have done poorly."
READ ALSO: How to Find Genuine Ways to Make Money Online
SRLabs says that the implementation of fingerprint scanner in Galaxy S5 is even more shoddy than what was found in iPhone 5S. Apple requires a password after every reboot before users can unlock their iPhone 5S with fingerprint scanner. It also requires a password after a certain number of failed attempts with fingerprint scanner.
But in the case of Galaxy S5, users can make any number of attempts to unlock the device with fingerprint scanner. Also, a reboot doesn't lock the fingerprint scanning feature.
In its video, SRLabs highlights that using the Galaxy S5 fingerprint hack, an attacker can enter the Paypal app on the phone and steal money with ease.
In its post about the fingerprint scanner in iPhone 5S, SRLabs wrote that the technology had long way to go before it could be considered safe. "Users leave copies of their fingerprints everywhere; including on the devices they protect. Fingerprints are not fit for secure local user authentication as long as spoofs (fake fingers) can be produced from these pervasive copies," said the firm.
SRLabs posted a video showing that a Galaxy S5 using fingerprint authentication can be easily broken using a mould that has fingerprint impression of the phone user. The firm said that creating the mould doesn't require much effort.
"Despite being one of the flagship features of Galaxy S5, Samsung's implementation of fingerprint authentication leaves much to be desired," the firm said. "Perhaps most concerning is that Samsung does not seem to have learned from what others have done poorly."
READ ALSO: How to Find Genuine Ways to Make Money Online
SRLabs says that the implementation of fingerprint scanner in Galaxy S5 is even more shoddy than what was found in iPhone 5S. Apple requires a password after every reboot before users can unlock their iPhone 5S with fingerprint scanner. It also requires a password after a certain number of failed attempts with fingerprint scanner.
But in the case of Galaxy S5, users can make any number of attempts to unlock the device with fingerprint scanner. Also, a reboot doesn't lock the fingerprint scanning feature.
In its video, SRLabs highlights that using the Galaxy S5 fingerprint hack, an attacker can enter the Paypal app on the phone and steal money with ease.
In its post about the fingerprint scanner in iPhone 5S, SRLabs wrote that the technology had long way to go before it could be considered safe. "Users leave copies of their fingerprints everywhere; including on the devices they protect. Fingerprints are not fit for secure local user authentication as long as spoofs (fake fingers) can be produced from these pervasive copies," said the firm.
0 comments:
Post a Comment