Skip to main content

Samsung Galaxy S5 fingerprint scanner hacked with fake finger, leaves users open to fraud

The much-hyped fingerprint scanner on Samsung's brand new Galaxy S5 has already been hacked.

Read more: Samsung Galaxy S5 review

Researchers from Germany's Security Research Labs were able to break the system simply by taking a fingerprint smudge from the smartphone and creating a "wood glue dummy" finger with it, which the S5 recognised as the real thing.

The video above demonstrates the hack.

This is worrying news for the South Korean technology giant, which has been dragged through the courts by arch-rival Apple in recent months.

The scanner doesn't just enable users to gain access to the phone's systems but also to complete transactions via PayPal. Neither of these actions require an additional password to be entered.

"While we take the findings from Security Research Labs very seriously, we are still confident that fingerprint authentication offers and easier and more secure way to pay on mobile devices than passwords or credit cards," said PayPal, according to BGR.

"PayPal never stores or even has access to your actual fingerprint with authentication on the Galaxy S5.

"The scan unlocks a secure cryptographic key that serves as a password replacement for the phone. We can simply deactivate the key from a lost or stolen device, and you can create a new one. Paypal also uses sophisticated fraud and risk management tools to try to prevent fraud before it happens."

Read more: iPhone 5S TouchID fingerprint sensor hacked by collective

A similar method was used to break the iPhone 5S' fingerprint scanner last year, as you can see in the video below.