Remember back in September when a couple of researchers figured out how to bypass the iPhone 5S’ fingerprint lock with a fancy fake rubber finger?
Turns out, the fingerprint sensor on Samsung’s new Galaxy S5 falls victim to the very same trick. They didn’t even have to make a new mold.
Germany’s SRLabs released the video above this morning demonstrating the trick. They first train the phone to recognize their finger, then immediately test the sensor with a rubber stand-in. Sure enough, they get right in.
To be clear, this is not an easy trick to pull off. You need a fair amount of time and expertise, both in lifting the original fingerprint and in creating a rubber mold from it. It’s something to be aware of — but as others have said: if someone is going so far as to make fake replicas of your finger, you probably have bigger things to worry about.
While the executions are nearly identical, the end result is somewhat more severe in Samsung’s case. Apple limits fingerprint-authenticated payments to the App Store, whereas Samsung’s PayPal tie-in (allowing users to log in to PayPal with their fingerprint) potentially puts a user’s larger financials at risk. But of course, tricking either phone’s fingerprint sensor opens up access to any email account configured on the device… and really, that’s about as bad as it gets.
The big lesson here: a fingerprint password is better than no password at all, but it’s not bulletproof. If you’re trying to keep your bored toddler or a drunken friend from getting into your phone, sure — fingerprint away. But if you’re a secret spy shuttling important documents around on your phone? Maybe pick something else.
For the curious, here’s the original iPhone 5S video that shows the entire finger-faking process: