Fingerprint security loophole in Samsung Galaxy S5 could expose Paypal and other payment services

By Danny Palmer
16 Apr 2014 View Comments
Samsung Galaxy S5 with Android 4.4 Kitkat vs Samsung Galaxy Note 3

The fingerprint security feature of Samsung's new Galaxy S5 smartphone has been cracked within days - potentially exposing not just data on the device, but other services tied to the smartphone's fingerprint authentication. 

The feature was intended to improve the security of the smartphone, but security researchers say the feature "leaves much to be desired" as they've already exposed a loophole that enables the phone to be hacked. 

Further reading

The video, posted by SR Labs, demonstrates how the phone can be spoofed into believing a fake fingerprint is that of a real person.

Not only that, but fingerprint authentication can be repeatedly used without the additional security check of having to enter a password, leaving applications, such as PayPal and other sensitive services, vulnerable to data theft.

That, researchers say, "gives attackers an even greater incentive to learn the simple skill of fingerprint spoofing".

They added: "While biometrics will always carry with them a trade-off of security for convenience, it's the manufacturer's responsibility to implement them in a way that doesn't put their users' crucial data and payment accounts at risk."  

However, the new Samsung Galaxy S5 is nevertheless outselling the previous model of the Google Android-based smartphone, the Samsung Galaxy S4, because users are attracted to its slimmed down features.

That's according to Yoon Han-kil, senior vice president of Samsung's product strategy team, who made the comments in an interview with Reuters news agency.

"(The S5) is selling faster than the S4 so far, though it's difficult to share specific numbers as we're still at early stages," he said, adding: "S5 sales should be much better than the S4."

The Samsung Galaxy S5 launched last Friday in 125 countries – double the number for the launch of the S4. As a result, Samsung believes it can sell more than 10 million S5 handsets in the first month on sale.

The device itself doesn't represent a massive upgrade on the computing power of the Galaxy S4, but instead focuses on improvements, such as water-proofing, a better camera and the ability to automatically turn off unnecessary applications when the battery is running low.

The number of pre-installed applications on the S5 has also been reduced compared with the S4 - addressing a common criticism that Samsung puts too much "bloatware" on its devices. 

"With the S4, we thought smartphones shouldn't just focus on hardware. They also had to come with a lot of software and services, and that line of thinking did lead us to cram many services into the device," Yoon said.

"We still feel the same way but this time around, we decided not to put in so many things and only include what the user really needs, so I cut out a lot of services and software," he added.

Reader comments
blog comments powered by Disqus
Windows 10 - will you upgrade?

Microsoft has made an early version of Windows 10 - its next operating system - available for download. The OS promises better integration and harmonisation across platforms, including mobile and desktop. Will your business be upgrading?

38 %
26 %
15 %
21 %