Remember in my previous post when a couple of researchers figured out how to bypass the iPhone 5S' fingerprint lock with a fancy fake rubber finger?
Turns out, the fingerprint sensor on Samsung’s new Galaxy S5 falls victim to the very same trick. They didn’t even have to make a new mold.
While the executions are nearly identical, the end result is somewhat more severe in Samsung’s case. Apple limits fingerprint-authenticated payments to the App Store, whereas Samsung’s PayPal tie-in (allowing users to log in to PayPal with their fingerprint) potentially puts a user’s larger financials at risk. But of course, tricking either phone’s fingerprint sensor opens up access to any email account configured on the device and really, that’s about as bad as it gets.
The big lesson here: a fingerprint password is better than no password at all, but it’s not bulletproof. If you’re a secret spy shuttling important documents around on your phone? Maybe pick something else.
For the curious, here’s the original iPhone 5S video that shows the entire finger-faking process:
No comments:
Post a Comment