Samsung Galaxy S5’s fingerprint scanner hacked by print spoofing

galaxys5 8
Credit: Michael Homnick

A YouTube video was released yesterday showing just how easy it is to trick the Galaxy S5’s fingerprint sensor by using a fake fingerprint, allowing hackers to unlock the handset or authorize purchases through PayPal.

Researchers were able to “hack” the Galaxy S5’s sensor by finding and photographing a latent fingerprint on the smartphone’s display. From there, a wood glue mold was made of the fingerprint, and the researchers were able to successfully unlock the handset. What’s more ominous, though, is that this is also a method of accessing PayPal with the Galaxy S5. In the wrong hands, a hacker could easily send funds to his or her own account with little effort.

This type of fingerprint spoofing from latent prints is easy enough to do if one had the right materials available and the time to get the print from the user. Latent prints are invisible to the naked eye, but oils from the skin keep the print intact on surfaces, which can be revealed with magnesium powder.

The idea of being able to swipe your finger or scan your eye to unlock your phone sounds incredibly futuristic and interesting, I’ll give you that. That said, the threats are very real when it comes to these type of bio-hacks, and they’ll more than likely increase going forward.

A novel and gimmicky feature, a fingerprint reader on a smartphone might sound pretty nifty, but we’d stick with the pin or password for now on the Galaxy S5.

Shop Tech Products at Amazon