13 February 2016

Researchers crack Galaxy S5 fingerprint reader and access PayPal app

16 April 2014  |  7405 views  |  0 PayPal Samsung s5

Security researchers from SR Labs have cracked the Samsung Galaxy S5's fingerprint reader, gaining access to the handset and using it to make PayPal transactions.

Repeating a trick it pulled on the Apple 5s last year, SR Labs used a camera phone image of a latent print taken from a handset screen to create a mould from wood glue which could fool the S5's scanner.

Once inside the phone, the researchers also managed to use the same technique to access the PayPal app - which uses the fingerprint scanner instead of passwords to authenticate users - and wire money from an account.



SR Labs admits that the spoof was made under lab conditions but says that it should still worry Samsung and its customers, particularly because the handset allows would-be crooks to have as as many attempted swipes as necessary.

However, PayPal has played down the threat, issuing a statement saying: "PayPal never stores or even has access to your actual fingerprint with authentication on the Galaxy S5. The scan unlocks a secure cryptographic key that serves as a password replacement for the phone. We can simply deactivate the key from a lost or stolen device, and you can create a new one."
KeywordsBIOMETRICS

Comments: (0)

Comment on this story (membership required)
Log in to receive notifications when someone posts a comment

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board, sign up now.

Related blogs

Create a blog about this story (membership required)

Related stories

14 April, 2014
25 February, 2014
11 September, 2013

Related company news

 

Top topics

Most viewed Most shared
UK sets out open banking API frameworkUK sets out open banking API framework
16324 views comments | 106 tweets | 91 linkedin
Deutsche Bank calls for co-operation with fintech firms on B2B servicesDeutsche Bank calls for co-operation with...
9094 views comments | 30 tweets | 30 linkedin
How to accelerate your fintech startupHow to accelerate your fintech startup
8638 views comments | 35 tweets | 10 linkedin
Is Paym a failure?Is Paym a failure?
7198 views 16 comments | 23 tweets | 16 linkedin
Visa issues API to offer consumer control over card transactionsVisa issues API to offer consumer control...
6573 views comments | 17 tweets | 28 linkedin

Featured job

Competitive Package
New York City, NY. USA

Find your next job