New security flaw surrounds the Galaxy S5’s fingerprint scanner

Researchers claim to have discovered a serious flaw affecting the fingerprint scanners used on Android smartphones, such as the Samsung Galaxy S5.

FireEye’s Yulong Zhang and Tao Wei told Forbes that it’s possible for hackers to “easily” steal biometric data stored on a mobile before it’s been properly secured in the ‘trusted zone’.

They could then create copies of users’ fingerprints, and commit further attacks.

“If the attacker can break the kernel, although he cannot access the fingerprint data stored in the trusted zone, he can directly read the fingerprint sensor at any time,” said Zhang.

“Every time you touch the fingerprint sensor, the attacker can steal your fingerprint.

“You can get the data and from the data you can generate the image of your fingerprint. After that you can do whatever you want.”

Zhang and Wei said this issue could affect all fingerprint scanner-equipped Android handsets running Android 5.0 Lollipop and below, though attackers would require a high level of access to the targeted phone.

It’s a serious flaw, since an increasing number of smartphones, including the Samsung Galaxy S6 and Huawei Ascend Mate 7, allow consumers to authorise transactions using fingerprints.

FireEye singled the Galaxy S5 out for deeper criticism, since attackers would simply need access to its memory in order to steal information.

“Samsung takes consumer privacy and data security very seriously,” the company reportedly responded. “We are currently investigating FireEye’s claims.”

Updating to Android 5.1.1 should remove the vulnerabilities, according to Zhang and Wei.
