The mobile and technology forums around the world were agog with one question after the launch of Samsung's next generation flagship smart phone, Samsung Galaxy S5. How long it will take for someone to crack the much hyped fingerprint scanner of Galaxy S5. Apples flagship iPhone 5s, released last year took just 48 hours to be cracked. Readers may know that the Touch ID fingerprint scanner on Apple’s iPhone 5S was hacked by Chaos Computer Club just 48 hours after its launch last September.
Well Samsung Galaxy S5 took a bit longer. The techies and enthusiasts working on Samsung Galaxy S5 took exactly 4 days to crack its fingerprint scanner. Researchers at Germany’s Security Research Labs (SRLabs) managed to hack the S5's fingerprint scanner using pretty much a similar method that was used to crack the iPhone 5s TouchID fingerprint scanner.
SRLabs has published its method on a YouTube clip which I have embedded at the bottom of this post. Another tech analyst, IHS iSuppli also managed to teardown the S5 but the cost was more than the teardown cost of iPhone 5s. It cost IHS around $256.62 (£153/Rs.15000.00) to teardown the Galaxy S5 32GB version, significantly more than an iPhone 5S with the same amount of NAND flash memory, which comes in at $207 (£123.80).
The breakup given by IHS for the teardown is as follows :
Qualcomm MSM8974AC processor at an estimated $41 (£24.50) which, when combined with NAND and DRAM, comes to $102.37 (£61). The 1920x1080 OLED display is the next priciest component at $63, followed by the 16MP and 2MP cameras ($18.70, £11) and the 2 x 2800mAh 3.85V Li Ion batteries ($11, £6.60).
Coming back to the hacking of fingerprint scanner, Samsung will have to make heavy duty changes to counter the hack. According to the voiceover in the YouTube video "Despite being the premium phones (S5's) flagship features, Samsung's implementation of fingerprint authentication leaves much to be desired" It goes on to add that "the spoof was made under lab conditions but is based on nothing more than a camera phone photo of an unprocessed latent print on a smartphone screen."
A PCB mould is then made from the photo, into which wood glue is smeared to make the dummy fingerprint.
The problem is that iPhone 5s fingerscanner is not being used as of now for any payment gateway but Samsung Galaxy S5 is. The Samsung Galaxy S5's fingerprint scanner if hacked can grant the exploiter unrestrained access access to “highly sensitive apps” such as PayPal, giving “a would-be attacker an even greater incentive to learn the simple skill of fingerprint spoofing”, the researchers said.
SRLabs has said that it has contacted Samsung but is yet to receive any reply. The video of the hack is given below :