Galaxy S5 fingerprint scanner bypassed using old Apple Touch ID spoof

[Nytro]

Galaxy S5 fingerprint scanner bypassed using old Apple Touch ID spoof

The Samsung Galaxy S5 was released on Friday and, similar to the release of the iPhone 5s back in late September 2013, it only took a few days before the fingerprint scanner was hacked.

Ben Schlabs, project manager with Security Research Labs, a group that also bypassed Apple's Touch ID, told SCMagazine.com on Wednesday that bypassing the fingerprint scanner on the Samsung device was even more seamless, and may open the door for more problems.

The Germany-based company posted a video demonstration on Tuesday.

Schlabs said he easily fooled the Galaxy S5 scanner by simply picking up a dried out fingerprint spoof – lying around since his tests on the iPhone 5s Touch ID – and swiping it over the fingerprint scanner of the brand new Samsung mobile device.

“The first spoof I swiped over the sensor worked immediately,” Schlabs said. “For whatever reason, that particular spoof was and is rejected by the iPhone, but works on the S5.”

The fingerprint spoof was made from a glue mold using a fingerprint that could effortlessly be lifted from the device, Schlabs said, explaining that anyone with $20 and a decent grasp of arts and crafts can pull this off in the amount of time it takes for the glue to dry.

The Galaxy S5 fingerprint hack may end up spelling more trouble for Samsung than the Touch ID hack did for Apple because the Galaxy, perhaps inadvertently, offers unlimited attempts to swipe a fingerprint, and also does not require a passcode when the device is powered up, Schlabs said.

“As it stands, turning off the screen and turning it back on allows for one additional swipe attempt every time,” Schlabs said. “This gives would-be spoofers unlimited attempts, greatly increasing their chances of success.”

Another concern about the Galaxy S5 fingerprint bypass is that it can be abused to authenticate transactions using PayPal. In a statement emailed to SCMagazine.com on Wednesday, a spokesperson said that eligible transactions are covered by PayPal's purchase protection policy should a related incident occur.

“PayPal never stores or even has access to your actual fingerprint with authentication on the Galaxy S5,” according to the statement. “The scan unlocks a secure cryptographic key that serves as a password replacement for the phone. We can simply deactivate the key from a lost or stolen device, and you can create a new one.”

These types of “biometric” features are so vulnerable to spoofing because fingerprints are left on every glossy surface we touch, and can easily be stolen and copied, Schlabs said, explaining fingerprint scanning as a safety feature may represent a step up in convenience, but it represents a step down in security.

Sursa: Galaxy S5 fingerprint scanner bypassed using old Apple Touch ID spoof - SC Magazine

[daatdraqq]

Daca autentificarea se face prin "glisarea" degetului in jos , nu ramane nicio amprenta valida pe care sa o poti copia .

In schimb daca ai deja amprenta pe plastilina aia sau ce cacat e ,e normal sa mearga autentificarea .

[1337]

Daca autentificarea se face prin "glisarea" degetului in jos , nu ramane nicio amprenta valida pe care sa o poti copia .

In schimb daca ai deja amprenta pe plastilina aia sau ce cacat e ,e normal sa mearga autentificarea .

Ok, sa zicem ca nu ramane nicio amprenta dupa autentificarea cu aceasta, ecranul este unul touchscreen si navigarea pe telefon nu se face prin glisarea degetului peste tot, daca victima tasteaza un numar sau scrie un mesaj?Amprentele tuturor degetelor vor fi lasate pe toata suprafata ecranului, de acolo pot fi replicate cu usurinta.

[daatdraqq]

Amprentele tuturor degetelor vor fi lasate pe toata suprafata ecranului, de acolo pot fi replicate cu usurinta.

Teoretic da ,insa practic pe ecran iti raman franturi de amprenta si aici intra in discutie cat % din amprenta accepta Samsung ca fiind o amprenta valida. O amprenta completa este considerata de la o latura a degetului pana la cealalta .

[1337]

Teoretic da ,insa practic pe ecran iti raman franturi de amprenta si aici intra in discutie cat % din amprenta accepta Samsung ca fiind o amprenta valida. O amprenta completa este considerata de la o latura a degetului pana la cealalta .

Trebuie cercetata treaba,poti sa-ti lasi amprentele si pe un pahar sau pe spatele telefonului,le poti scoate si dintr-o poza facuta cu DSLR (la degete).

Sent from my SM-N9005 using Tapatalk