Samsung jumped on the biometric bandwagon as well this year. It put a fingerprint scanner in the home button of its 2014 flagship, the Samsung Galaxy S5. Its a bit different from its counterpart on the iPhone 5s. Users have to swipe from top to bottom whereas on the iPhone 5s they simply have to place their fingers on the home button. Initial reports suggest that the fingerprint scanner seems to be working fine for most users. One might expect that the scanner offers an additional layer of protection, but as it turns out, its not that hard to spoof it.
The folks at SRLabs have been able to spoof the fingerprint scanner of Galaxy S5 by using a lifted print. Within minutes they were able to create a “dummy finger” which was then used to gain access. Now there’s nothing inherently wrong with the scanner, even the scanner on iPhone 5s can be spoofed this way.
Implementation of the scanner can prove to be a risk though. Unlike Apple, the scanner on Galaxy S5 can even be used to authorize PayPal payments. Apple doesn’t allow developers to tap into TouchID, all it can do is provide access and authorize purchases on iTunes. Moreover, Apple requires users to punch in their password one time before using fingerprint for authentication. So if a device is powered off, users will first have to enter the password after they boot it up, before they’re allow to use the scanner. Galaxy S5 doesn’t have this gatekeeping mechanism.
A video of this spoof has also been posted online, showing us just how easy it is to trick these fingerprint sensors. Paranoid users might want to wipe the scanner down after every time they use it, but that’s just too much of a nuisance.