- Jan 24, 2011
- 9,378
When Samsung unveiled the latest in its Galaxy series of Android smartphones, gadget reviewers focused on the Galaxy S5's fingerprint scanner, a feature that the rival iPhone 5s has done much to popularize.
Samsung's positive buzz over the Galaxy S5 didn't last long - security researchers from SRLabs soon posted a video on YouTube demonstrating how they were able to trick the scanner with a fake fingerprint made of wood glue.
Indeed, the same approach allowed a similar and well-publicised hack of theiPhone 5s Touch ID last year, the researchers from SRLabs said in their video.
To use SRLabs's fake fingerprint, an attacker simply places the wood glue replica over the tip of his finger and swipes as usual over the scanner, which is embedded in the Galaxy S5's home button.
The wood glue is poured into a mold made out of a laser printout created from a photo of the victims's fingerprint.
With the right image contrast and printer settings, the buildup of toner on the printout creates a 3D representation of the fingerprint that is accurate enoughto "cast" a replica that will fool the phone.
According to the researchers, a latent fingerprint left behind by the owner on a stolen phone can be snapped with another phone's camera, giving an image of sufficient quality to print out a usable mold.
"Despite being one of the premium phone's flagship features, Samsung's implementation of fingerprint authentication leaves much to be desired," one of the researchers said in the video.
What's worse, Samsung's implementation is even less secure than Touch ID that Apple unveiled in September 2013, which is ironic given the formerSamsung CEO's contention that "beating Apple is no longer merely an objective, [but] our survival strategy."
Read more: http://nakedsecurity.sophos.com/201...-fingerprint-hacked-iphone-5s-all-over-again/