
It Took Just Four Days to Hack the Samsung Galaxy S5's Fingerprint Scanner

A man uses his smartphone in front of an advertisement for Samsung's Galaxy S5 smartphones in Seoul, South Korea. // Ahn Young-joon/AP

It took German "researchers" at SRLabs just four days to create a fake fingerprint using wood glue that can bypass the scanner on the brand new Samsung Galaxy S5, which was released last Friday. The iPhone 5S fingerprint scanner was hacked by Chaos Computer Club in only 48 hours using a very similar method.

Unlike the iPhone, the Samsung Galaxy S5 is integrated with PayPal, and the fingerprint scanner is used to authorize transactions and money transfers on the device. So there is a lot more at stake if the scanner is hacked. PayPal issued a statement regarding the security scare: “PayPal never stores or even has access to your actual fingerprint with authentication on the Galaxy S5. The scan unlocks a secure cryptographic key that serves as a password replacement for the phone. We can simply deactivate the key from a lost or stolen device, and you can create a new one.”

Also unlike the iPhone, the Galaxy S5 does not require a regular passcode after a certain number of incorrect fingerprint attempts. The hacker has an unlimited number of attempts to break into the device, and plenty of time to create a fake fingerprint if necessary. 

Brett McDowell, head of ecosystem security at PayPal, believes that this hack poses only a very minor threat: “This is not something you can do on any number of devices. This is not like a massive phishing scam where you can get millions of passwords quickly. This is limited to one device, one victim at a time.”

Samsung was careful to add other security features to the newest device in the event that it is stolen and has touted "Find My Mobile" and "Reactivation Lock" among the device's biggest upgrades. Both of these features already exist in the most recent iOS, but then again, so does the fingerprint hack. 

This security hack comes just after Apple, Samsung, Huawei, AT&T, T-Mobile, Verizon and Sprint came together to create the “Smartphone Anti-Theft Voluntary Commitment.” This measure will ask that all new smartphones after July 2015 come preloaded with an anti-theft tool, commonly known as a "kill switch." There is pending legislation in Congress on a similar kill switch idea. However, with constant security bugs such as the S5 fingerprint hack, mobile providers are taking it upon themselves to prevent theft.

While the hack and security mandate may shake some users, it is unlikely that it will affect S5 sales. The much faster hack of the iPhone 5S certainly did not stop its popularity. Furthermore, Malik Saadi, practice director at ABI Research, believes security is far from a dealbreaker for shoppers: “The majority of consumers aren’t at this stage very aware of smartphone security issues. When they go to buy a new smartphone, it isn’t the first question that comes to their mind.” 
