Fake Fingerprints Easily Fool Galaxy S5’s Scanner [Video]
While you may think your new Galaxy S5 is super secure when using fingerprint authentication, you’d be surprised by how easily it can be fooled. Using ordinary wood glue, a team of security researchers was able to create a dummy fingerprint and not only unlock the Galaxy S5 but also gain access to its PayPal app.
The hack was discovered by SRLabs, which demonstrates how it works in the video below.
As noted by SRLabs, Apple’s Touch ID can be spoofed using the same trick, but the Cupertino company has added security measures that provide an extra level of protection. Samsung’s implementation of fingerprint security makes the Galaxy S5 much more vulnerable.
When you restart an iPhone, you must use a regular password to unlock it before you can use Touch ID. Furthermore, if Touch ID doesn’t recognize your print after a certain number of attempts, it won’t work again until you’ve entered a password.
The Galaxy S5 doesn’t require a password after a restart, and it allows unlimited authentication attempts without asking for a password. What’s even more worrying is that, unlike Apple, Samsung allows third parties to use its Finger Scanner, and one of those that supports the Galaxy S5’s scanner is PayPal.
So, using this trick, anyone could access your PayPal account from your Galaxy S5 — and even if they don’t get it right first time, they can keep trying over and over again until they do.
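The difference between the two lock-screen policies described above can be modeled as a small state machine. This is an added example, not code from SRLabs, Apple or Samsung; the class and function names are hypothetical, and the limit of 5 failures is an assumed value, since the article only says "a certain number of attempts".

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class BiometricGate:
    """Decides whether a fingerprint presentation is evaluated at all."""
    passcode_after_restart: bool   # demand the passcode before first fingerprint use after boot
    max_failures: Optional[int]    # None means unlimited retries
    failures: int = 0
    needs_passcode: bool = False

    def __post_init__(self):
        self.restart()

    def restart(self):
        self.failures = 0
        self.needs_passcode = self.passcode_after_restart

    def enter_passcode(self, correct: bool) -> bool:
        if correct:                # only a correct passcode re-enables the sensor
            self.failures = 0
            self.needs_passcode = False
        return correct

    def try_fingerprint(self, sensor_match: bool) -> str:
        if self.needs_passcode:
            return "passcode_required"   # the sensor result is ignored entirely
        if sensor_match:
            self.failures = 0
            return "unlocked"
        self.failures += 1
        if self.max_failures is not None and self.failures >= self.max_failures:
            self.needs_passcode = True   # lock the sensor out until the passcode is entered
        return "rejected"

def strict_policy() -> BiometricGate:
    # Passcode after restart plus a bounded retry count (5 is an assumed limit).
    return BiometricGate(passcode_after_restart=True, max_failures=5)

def permissive_policy() -> BiometricGate:
    # No passcode after restart and no retry limit, as the article describes for the Galaxy S5.
    return BiometricGate(passcode_after_restart=False, max_failures=None)

def presentations_evaluated(gate: BiometricGate, tries: int) -> int:
    """Count failed presentations the sensor evaluates before the passcode is demanded."""
    evaluated = 0
    for _ in range(tries):
        if gate.try_fingerprint(sensor_match=False) == "passcode_required":
            break
        evaluated += 1
    return evaluated
```

Under the strict policy, even a presentation the sensor would accept is refused once the gate is in the passcode-required state, which is what bounds the number of tries available to someone holding the device.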
SRLabs acknowledges that biometric security will always come with security trade-offs to ensure convenience, but they rightly point out that it is the manufacturer’s responsibility to implement this technology in such a way that doesn’t put its users at risk.
PayPal is already aware of this problem, but in a statement to Boy Genius Report, the company said it is “still confident that fingerprint authentication offers an easier and more secure way to pay on mobile devices than passwords or credit cards.”
PayPal also reminds users it can deactivate the biometric security on lost and stolen devices, and that it “uses sophisticated fraud and risk management tools to try to prevent fraud before it happens.”
Are you still confident that you can trust the Galaxy S5’s Finger Scanner to keep your data safe?