It Took Just Four Days to Hack the Samsung Galaxy S5's Fingerprint Scanner

A man uses his smartphone in front of an advertisement for Samsung's Galaxy S5 smartphones in Seoul, South Korea. // Ahn Young-joon/AP

It took German "researchers" at SRLabs just four days to create a fake fingerprint using wood glue that can bypass the scanner on the brand new Samsung Galaxy S5, which was released last Friday. The iPhone 5S fingerprint scanner was hacked by Chaos Computer Club in only 48 hours using a very similar method.

Unlike the iPhone, the Samsung Galaxy S5 is integrated with PayPal, and the fingerprint scanner is used to authorize transactions and money transfers on the device. So there is a lot more at stake if the scanner is hacked. PayPal issued a statement regarding the security scare: “PayPal never stores or even has access to your actual fingerprint with authentication on the Galaxy S5. The scan unlocks a secure cryptographic key that serves as a password replacement for the phone. We can simply deactivate the key from a lost or stolen device, and you can create a new one.”

Also unlike the iPhone, the Galaxy S5 does not require a regular passcode after a certain number of incorrect fingerprint attempts. The hacker has an unlimited number of attempts to break into the device, and plenty of time to create a fake fingerprint if necessary. 

Brett McDowell, head of ecosystem security at PayPal, believes that this hack poses only a very minor threat: “This is not something you can do on any number of devices. This is not like a massive phishing scam where you can get millions of passwords quickly. This is limited to one device, one victim at a time.”

Samsung was careful to add other security features to the newest device in the event that it is stolen and has touted "Find My Mobile" and "Reactivation Lock" among the device's biggest upgrades. Both of these features already exist in the most recent iOS, but then again, so does the fingerprint hack. 

This security hack comes just after Apple, Samsung, Huawei, AT&T, T-Mobile, Verizon and Sprint came together to create the “Smartphone Anti-Theft Voluntary Commitment.” This measure will ask that all new smartphones after July 2015 come preloaded with an anti-theft tool, commonly known as a "kill switch." There is pending legislation in Congress on a similar kill switch idea; however, with constant security bugs such as the S5 fingerprint hack, mobile providers are taking it upon themselves to prevent theft.

While the hack and security mandate may shake some users, it is unlikely that it will affect S5 sales. The much faster hack of the iPhone 5S certainly did not stop its popularity. Furthermore, Malik Saadi, practice director at ABI Research, believes security is far from a dealbreaker for shoppers: “The majority of consumers aren’t at this stage very aware of smartphone security issues. When they go to buy a new smartphone, it isn’t the first question that comes to their mind.” 
