Links on Android Authority may earn us a commission. Learn more.
Samsung Galaxy S5 fingerprint scanner already hacked using ‘faux fingerprint’
After Apple released the iPhone 5S with a fingerprint reader, there were quite a few mixed opinions. The problem with fingerprint readers is that while they can add an extra layer of security, they also have security flaws and often don’t work quite as well as intended.
Fingerprint readers on mobile devices are nothing new, but Apple’s latest handset revived the concept and it was only a matter of time before other manufacturers followed suit. First, it was HTC with the One Max, and more recently, Samsung’s Galaxy S5 has landed.
The GS5 utilizes a fingerprint reader embedded in the home button, and, like Apple’s solution, it is apparently pretty easy to ‘hack’ using a lifted fingerprint. The video above is from SRLabs and shows how a fake fingerprint can be used to gain unauthorized access to the Galaxy S5. Once you’re in, not only do you have full access to the phone, you can also use your fake fingerprint to initiate Paypal transactions.
While Apple’s iPhone 5S requires an actual password the first time you boot a device, Samsung has no such security method in place at this time. In other words, if someone steals your phone and has the knowledge to lift a latent fingerprint off your device — they can pretty much do whatever they want with your GS5.
Of course, if your phone is lost or stolen, one of your first courses of actions should always be to use Android Device Manager — or whatever security software you utilize on your device — to lock out or wipe your handset remotely. Still, it would be nice if Samsung addresses this ‘hack’ method by at least occasionally requiring a traditional password in between boots.
What do you think, does the existence of this ‘hack’ turn you off from using a fingerprint reader in the GS5 or any other device for that matter? Conversely, do you feel that the risk is relatively small and it’s worth the added convenience of (arguably) quicker log-ins via a fingerprint?