It took just four days for German researchers to hack the fingerprint sensor of Samsung Galaxy S5. They could trick the fingerprint sensor to grant unauthorized access with just the use of a fingerprint mold instead of a real one. Moreover, this software is so ineffective that even after rebooting the phone it allows unlimited authentication attempts without even asking for a password. A video has also been posted on YouTube by Security Research Labs (SRLabs) demonstrating the hacking process.
Galaxy S5 is the only phone after Apple iPhone 5S to have a fingerprint sensor. Thus, this feature was the USP of this phone. However, due to the technical glitch Galaxy S5 is facing major flak from all corners.
This issue has become a bigger concern since the smartphone boasts of PayPay integration. SRLabs opines that this integration gives people more reason to hack a smartphone. However, PayPal firmly defended the biometric authentication on its part by issuing an official statement on this matter.
Fingerprint authentication has been a debatable issue ever since iPhone 5S was launched by Apple with this feature and got hacked. The effectiveness of this feature, which was supposed to provide an additional layer of security, is being questioned even more since Galaxy S5 was spoofed. At least, iPhone 5S required users to put in a password before continuing towards the fingerprint authentication or every time the phone reboots but Galaxy 5S never asks for a password.
The question arising in this situation is that it is true that you can change a compromised password but how can you change a compromised fingerprint? Thus, manufacturers always need to ensure that the implementation of any technology should not put users at risk in anyway. They should always think about the loopholes first before introducing the thing to people.
Samsung is yet to comment on this matter but it is expected to issue a statement soon and take care of the situation.