Tuesday 15 April 2014

 
Samsung's newly released Galaxy S5 smartphone heavily marketed for its fingerprint scanner technology embedded in home button, but Germany's Security Researchers have defeated this technology by demonstrating that Fingerprint Scanner in Galaxy S5 is not secure. 

To prove this, they posted a video that shows Galaxy S5 can be spoofed using a lifted print, whitehat-hackers able to gain unauthorized access to the device and PayPal account linked to the handset. No password is needed to access the device and more alarming thing is that even after a reboot, users don't need a password to access PayPal and make payments through the app.

See the video below how actually hack works:



PayPal spokesperson issued a statement on the same:

While we take the findings from Security Research Labs very seriously, we are still confident that fingerprint authentication offers an easier and more secure way to pay on mobile devices than passwords or credit cards. PayPal never stores or even has access to your actual fingerprint with authentication on the Galaxy S5. The scan unlocks a secure cryptographic key that serves as a password replacement for the phone. We can simply deactivate the key from a lost or stolen device, and you can create a new one. PayPal also uses sophisticated fraud and risk management tools to try to prevent fraud before it happens. However, in the rare instances that it does, you are covered by our purchase protection policy.

Source