Galaxy S5 fingerprint scanner has been hacked, PayPal users at risk

When we reviewed the Samsung Galaxy S5, we thought the fingerprint scanner worked well enough, though we didn’t have too much fun swiping downward. Still, we thought it was great that the fingerprint scanner lets you make payments through PayPal. However, a recent hack showed that the GS5’s biometric scanner has the same problem as the iPhone 5S: it’s hackable.

Security Research Labs (SRLabs) recently uploaded a YouTube video, showing that the fingerprint scanner on the Galaxy S5 can be easily spoofed. By using a lifted fingerprint, it was able to make a wood glue spoof made from a mold that the firm also used to trick the iPhone 5S’ fingerprint scanner, Touch ID.

However, there are differences in how both fingerprint scanners are utilized. Touch ID requires you to enter your password one time before you can use your fingerprint as a way to unlock the phone. In addition, every time you reboot the iPhone 5S, you must enter your password once. There are no such steps with the Galaxy S5, even after rebooting the phone.

What’s equally alarming is, even after a reboot, you don’t need a password to use PayPal and make any payments through the service. So long as the app was configured to allow for fingerprint authentication, you’re good to go.

You can watch how SRLabs accomplished the hack below.

Get our Top Stories delivered to your inbox: