08 October 2015

Researchers crack Galaxy S5 fingerprint reader and access PayPal app

16 April 2014  |  6965 views  |  0 PayPal Samsung s5

Security researchers from SR Labs have cracked the Samsung Galaxy S5's fingerprint reader, gaining access to the handset and using it to make PayPal transactions.

Repeating a trick it pulled on the Apple 5s last year, SR Labs used a camera phone image of a latent print taken from a handset screen to create a mould from wood glue which could fool the S5's scanner.

Once inside the phone, the researchers also managed to use the same technique to access the PayPal app - which uses the fingerprint scanner instead of passwords to authenticate users - and wire money from an account.

SR Labs admits that the spoof was made under lab conditions but says that it should still worry Samsung and its customers, particularly because the handset allows would-be crooks to have as as many attempted swipes as necessary.

However, PayPal has played down the threat, issuing a statement saying: "PayPal never stores or even has access to your actual fingerprint with authentication on the Galaxy S5. The scan unlocks a secure cryptographic key that serves as a password replacement for the phone. We can simply deactivate the key from a lost or stolen device, and you can create a new one."

Comments: (0)

Comment on this story (membership required)
Log in to receive notifications when someone posts a comment

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board, sign up now.

Related blogs

Create a blog about this story (membership required)

Related stories

14 April, 2014
25 February, 2014
11 September, 2013

Related company news

Your browser is unable to support Flash files.

Top topics

Most viewed Most shared
BNP Paribas to pilot cards with dynamic CV...
7183 views comments | 32 tweets | 37 linkedin
European Parliament rubberstamps Payment S...
5698 views comments | 31 tweets | 35 linkedin
Faster Payments eases access for challenge...
4860 views comments | 20 tweets | 25 linkedin
Retail security bashing lobby group ABA ad...
4454 views comments | 16 tweets | 8 linkedin
Santander InnoVentures joins Ripple fundin...
4230 views comments | 29 tweets | 17 linkedin

Featured job

to £80K base + commission + bonus
London, UK

Find your next job