In what could come as a huge setback for Samsung Electronics' flagship smartphone, the Galaxy S5, a researcher has raised security concerns about the device's fingerprint scanner, claiming that the sensor can be hacked using a fingerprint spoof.
The news came just a few days after the release of the Samsung Galaxy S5 in about 150 countries, following months of speculation.
SRLabs, Germany's Security Research Labs, has released a video demonstrating how a hacker can breach the fingerprint security of the Samsung Galaxy S5. According to the video, the researcher uses a 'wood glue spoof' made from a mold, which was used in a spoofing attempt against Apple's iPhone 5S last year, to bypass the Galaxy S5's fingerprint lock.
"Despite being one of the premium phone's flagship features, Samsung's implementation of fingerprint authentication leaves much to be desired. The finger scanner feature in Samsung's Galaxy S5 raises additional security concerns to those already voiced about comparable implementations," said the researcher in the video released on Wednesday.
The researcher went on to say that one can make multiple incorrect attempts on the fingerprint scanner without having to provide a password, which means hackers can try one spoof fingerprint after another until they gain access to the device. Once access is gained, one can open even secure apps like PayPal and use the owner's account, as no further security is required.
PayPal has raised concerns over the findings of SRLabs in a statement obtained by CNET, but maintained that fingerprint authentication is a more secure way to pay on mobile phones.
"While we take the findings from Security Research Labs very seriously, we are still confident that fingerprint authentication offers an easier and more secure way to pay on mobile devices than passwords or credit cards," said a statement from PayPal.
"PayPal never stores or even has access to your actual fingerprint with authentication on the Galaxy S5. The scan unlocks a secure cryptographic key that serves as a password replacement for the phone. We can simply deactivate the key from a lost or stolen device, and you can create a new one. PayPal also uses sophisticated fraud and risk management tools to try to prevent fraud before it happens. However, in the rare instances that it does, you are covered by our purchase protection policy."
VIDEO: Samsung Galaxy S5 Fingerprint Scanner also susceptible to ordinary spoofs