29 April 2017
Visit EBAday.com

Researchers crack Galaxy S5 fingerprint reader and access PayPal app

16 April 2014  |  8192 views  |  0 PayPal Samsung s5

Security researchers from SR Labs have cracked the Samsung Galaxy S5's fingerprint reader, gaining access to the handset and using it to make PayPal transactions.

Repeating a trick it pulled on the Apple 5s last year, SR Labs used a camera phone image of a latent print taken from a handset screen to create a mould from wood glue which could fool the S5's scanner.

Once inside the phone, the researchers also managed to use the same technique to access the PayPal app - which uses the fingerprint scanner instead of passwords to authenticate users - and wire money from an account.



SR Labs admits that the spoof was made under lab conditions but says that it should still worry Samsung and its customers, particularly because the handset allows would-be crooks to have as as many attempted swipes as necessary.

However, PayPal has played down the threat, issuing a statement saying: "PayPal never stores or even has access to your actual fingerprint with authentication on the Galaxy S5. The scan unlocks a secure cryptographic key that serves as a password replacement for the phone. We can simply deactivate the key from a lost or stolen device, and you can create a new one."
KeywordsBIOMETRICS

Comments: (0)

Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

Westpac tests fingerprint scanning for mobile banking login

Westpac tests fingerprint scanning for mobile banking login

14 April 2014  |  9814 views  |  8 comments | 17 tweets | 14 linkedin
Samsung and PayPal team to let Galaxy S5 owners pay by fingerprint

Samsung and PayPal team to let Galaxy S5 owners pay by fingerprint

25 February 2014  |  7619 views  |  0 comments | 13 tweets | 18 linkedin
Apple adds fingerprint sensor to new model iPhone

Apple adds fingerprint sensor to new model iPhone

11 September 2013  |  7438 views  |  3 comments | 5 tweets | 3 linkedin

Related company news

 

Related blogs

Create a blog about this story (membership required)
Find out moreVisit capgemini.comvisit vasco.com/news/PSD2-compliant-solutions

Top topics

Most viewed Most shared
Six global banks join Swift DLT trialsSix global banks join Swift DLT trials
7629 views comments | 15 tweets | 36 linkedin
BBVA steps up fintech acquisition strategy with purchase of OpenpayBBVA steps up fintech acquisition strategy...
6892 views comments | 17 tweets | 16 linkedin
Token raises $15.7 million as PSD2 approachesToken raises $15.7 million as PSD2 approac...
5888 views comments | 20 tweets | 20 linkedin
Should central banks open up payment and settlement systems to non-banks?Should central banks open up payment and s...
5803 views comments | 22 tweets | 21 linkedin
hands typing furiouslyMobile Technology, Its Importance, Present...
5592 views 0 | 2 tweets | 1 linkedin

Featured job

to 120K base, £300K ote, stock options
London, UK

Find your next job