Samsung ‘investigating’ fingerprint security hack on the Galaxy S5


Security firm FireEye claims it has found a security flaw in the Samsung Galaxy S5 smartphone which allows hackers to take copies of fingerprints used to unlock the device.

FireEye researchers told Forbes that the security glitch exploits a weakness in how the Android operating system handles biometric data, making it possible for hackers to steal personal information from the secure area of the device, known as the Trusted Zone.

“If the attacker can break the kernel, although he cannot access the fingerprint data stored in the trusted zone, he can directly read the fingerprint sensor at any time,” said a FireEye researcher.

“Every time you touch the fingerprint sensor, the attacker can steal your fingerprint.”

The Samsung Galaxy S5 isn’t the only smartphone that has this problem.

The flaw could also potentially affect any Android device that uses fingerprint recognition. However, the vulnerability does not affect devices running the newest version of Android – Lollipop 5.0 and above. For reasons like this, where possible, it is always advisable for users to upgrade to the latest version of the operating system.

The team from FireEye are due to present their findings at a security conference in San Francisco later today (April 24). Samsung has apparently said it is taking the claims “very seriously”.

This isn’t the first time that flaws have been found with some of the fingerprint security systems used on mobile phones. Last year, hackers were able to access the Galaxy S5 by making a mould of a fingerprint that had been used to unlock the device.

These problems are also not exclusive to Samsung or Android devices. In 2013, hackers from Germany successfully hacked the fingerprint sensor on the iPhone 5S.

Despite question marks over whether fingerprint recognition is as secure as one might expect, the technology is increasingly being used to unlock smartphones and tablets, as well as to authorise mobile payments.

Earlier this week, PayPal exec Jonathan LeBlanc revealed plans for a new form of technology that would eliminate the need for passwords and fingerprint scanners.

According to LeBlanc, the online payments company is working on a new generation of microchips that could be injected or implanted into the human body and used for “natural body identification”.

Source: Forbes