Researchers have demonstrated how the highly advanced fingerprint scanner in the Samsung Galaxy S5 can be bypassed and even be tricked to process payments via PayPal account.
Researchers at the Security Research Labs discovered a security flaw in Samsung Galaxy S5's fingerprint scanner, which is used to lock phones and process payments via PayPal. The latest discovery enabled the SRLabs team to bypass the advanced technology that is being integrated into high-end smartphones with a similar process it used in Apple iPhone 5S, last year.
Apple was the first to add fingerprint scanning technology in its iPhone 5S, but the SRLabs researchers were able to bypass the secure authentication on the Cupertino's flagship, last year. The research team demonstrated the breach in a video that showed how a photo of a fingerprint on a smartphone screen was used to create a fake finger sheet made out of a wood-glue mold. By placing it on the iPhone's home button, the group was able to unlock the handset without touching the finger registered to the device.
Using similar tactics, SRLabs showed the fingerprint scanner on the Samsung Galaxy S5 was unable to identify the difference between the fake and the real fingerprint. The team used the photographed and molded fingerprint of the registered user's finger to unlock the device and also send money via PayPal app, which uses Samsung's fingerprint authentication to authorize the payment.
While Samsung stayed mum on the subject, PayPal issued a statement to Android Community showing its confidence with the technology. "While we take the findings from Security Research Labs very seriously, we are still confident that fingerprint authentication offers an easier and more secure way to pay on mobile devices than passwords or credit cards," the payment handling company said.
PayPal also noted that the company reserves full control of deactivating the fingerprint scanning authentication mode in case of theft or lost device. The company's purchase protection policy covers its users under the rare instances of fraud, which is controlled by advanced fraud and risk management tools.
