found that a wood glue mold from the fingerprint used on the Galaxy S5 could let someone gain un-authorized access to your device. Now given that the fingerprint sensor works with the PayPal app, anyone breaching can also access mobile payments.
The source used the same mold that it did for iPhone 5s Touch ID, but Galaxy S5 has more concerns – the mold was taken from an image of the fingerprint on the screen, rather than from a real finger.Apple requires users to input their password after rebooting iPhone 5s; however, Galaxy S5 doesn’t require a password and just requires a finger – or perhaps a spoof for unauthorized access. Also, you just need your finger to access the PayPal app on Galaxy S5.
A SRLabs researcher recently said:
“Despite being one of the premium phone’s flagship features, Samsung’s implementation of fingerprint authentication leaves much to be desired,” “The finger scanner feature in Samsung’s Galaxy S5 raises additional security concerns to those already voiced about comparable implementations.”
Samsung Galaxy S5 is in the Fast Online Alliance makes efforts for mobile security, so the fingerprint is stored inside the device, rather than sent to the cloud. PayPal stated the following recently on BGR:
“While we take the findings from Security Research Labs very seriously, we are still confident that fingerprint authentication offers an easier and more secure way to pay on mobile devices than passwords or credit cards.”
“PayPal never stores or even has access to your actual fingerprint with authentication on the Galaxy S5. The scan unlocks a secure cryptographic key that serves as a password replacement for the phone.”
While it may not sound anything big, the absence of another safety check could lead to concerns.
What do you think ?