Despite their ongoing court battles, it turns out Apple and Samsung do have something in common after all. German researchers successfully spoofed the fingerprint scanner on Samsung’s new Galaxy S5 smartphone using the same technique employed to fool the Apple iPhone 5S scanner last year.
A video posted to YouTube by Security Research Labs depicts the “wood glue spoof,” which involves making a mold based on a photo of a fingerprint captured from the smartphone’s screen. The mold is then used to fool the fingerprint scanner.
"The finger scanner feature in Samsung's Galaxy S5 raises additional security concerns to those already voiced about comparable implementations," says a researcher in the video. Security Research Labs points out that the Galaxy S5’s software allows for unlimited finger scans without locking down the device, opening the door for would be thieves to make repeated attempts to hack into the phone’s security.
The GS5’s scanner implementation also allows for direct access to PayPal and other apps without any additional passwords or other authentication. While touted as a feature allowing for easy, secure mobile payments, SRLabs shows how hacking the scanner opens the door to financial accounts and other sensitive data stored on the phone. Though perhaps unlikely, SRLabs’ work shows how a thief armed with a camera and some wood glue could break into a stolen GS5.
Motorola actually released a fingerprint scanner on its Atrix 4G smartphone in 2011. The technology didn’t catch on, however, and the concept was all but ignored until Apple re-introduced it in iPhone 5S. Samsung now joins Apple and HTC has the high profile brands currently selling smartphones with built-in fingerprint recognition. HTC’s One Max, which went on sale in November of last year, features a scanner on its back panel. Both Apple and Samsung embedded their scanners on the front-mounted Home button.
Last September, a researcher going by the name Starbug hacked Apple’s then-new TouchID fingerprint scanner using the same basic fingerprint mold technique. Starbug’s hack of an iPhone 5S was the winning entry in an online contest to get the better of TouchID. The hack was posted to the Internet roughly 48 hours after iPhone 5S went on sale.