Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Hacking

Samsung Galaxy S5 fingerprint sensor hacked

SRLabs researchers have published a video POC on YouTube to demonstrate how it is easy to bypass the fingerprint sensor on Samsung Galaxy S5. SRLabs researchers have published a video Proof of Concept on YouTube to demonstrate that they were able to bypass the fingerprint authentication mechanism implemented by Samsung Galaxy S5. The researchers demonstrated to […]

Samsung Galaxy S5 fingerprint sensor hacked

SRLabs researchers have published a video POC on YouTube to demonstrate how it is easy to bypass the fingerprint sensor on Samsung Galaxy S5.

SRLabs researchers have published a video Proof of Concept on YouTube to demonstrate that they were able to bypass the fingerprint authentication mechanism implemented by Samsung Galaxy S5. The researchers demonstrated to gain unauthorized access just by using a lifted fingerprint with wood-glue based dummy finger. Remind you of anything?

Principal mobile manufacturers tried to improve user’s security adding biometric authentication system based for example on Fingerprint feature. Months ago Apple proposed its Apple TouchID system that was easily hacked and today’s security experts have found a way to bypass also the Samsung Galaxy S5 Fingerprint feature. The feature implemented in the Samsung Galaxy S5 was also used to facilitate payments through PayPal and theoretically also to make it more secure.

samsung galaxy s5 fingerprint

Samsung Galaxy S5 also implemented a smart feature to allow users to easily transfer money via PayPal circuit just by swiping a finger on the fingerprint sensor, but considering the attack presented by the teamSRLabs  could allow bad actors to access to victim’s PayPal account without providing any secret password. A few days after the official commercial launch of the Samsung Galaxy S5 security experts have successfully hacked Fingerprint sensor with a method quite similar to the one adopted to deceive the Touch ID sensor proposed by Apple.

SRLabs researchers exploited the poor security implementation in the handset fingerprint scanner,  the Samsung Galaxy S5 fingerprint scanner in fact allows multiple incorrect attempts without requiring a password, this means that a bad actor could potentially make an infinite number of tries until the correct match.

Another concerning issue related to the hack presented by the researchers is that after mobile restart the Samsung Galaxy S5 doesn’t require user to enter a passcode before he can use his fingerprint to unlock the Smartphone, this means that in case of theft attackers could have complete access to the device. Despite attackers need to have physical access to the Samsung Galaxy S5 to exploit the vulnerability, it is clear that Fingerprint feature implemented by the giant lack of a proper security design.  I’m sure Samsung will promptly fix it.

Pierluigi Paganini

(Security Affairs –  Samsung Galaxy S5, mobile)