Stay up to date with notifications from The Independent

Notifications can be managed in browser preferences.

Samsung Galaxy S5 flaw allows hackers to clone fingerprints

Researchers explained that hackers would be able to access phones at any time if they had access to data of the user's fingerprint

Sunday 26 April 2015 16:15 BST

The Galaxy S5, which supports wireless charging but only with an additional accessory (Samsung)

Biometric information has long been touted as the solution to the ever-fallible password, but new research has shown that it may not be as safe as generally assumed.

Hackers may be able to clone fingerprints and gain access to phones such as the Samsung Galaxy S5’s software, according to cyber-security company FireEye.

It is possible to steal biometric date, essentially the fingerprint, before it reaches a segmented and encrypted “safe zone” and create copies of people’s fingerprints for further attacks on their phone, Tao Wei and Yulong Zhang claim.

10 best smart phones

Show all 10

1/1010 best smart phones

10 best smart phones

Samsung Galaxy S5

With a gloriously bright and colourful 5.1in screen, the S5 has significantly improved battery life. Features that impress include the fingerprint sensor under the home button to keep the phone secure and the fast 6MP camera. £569.95, carphonewarehouse

10 best smart phones

Apple iPhone 5s

Though it was released in October, this is an impressive phone with good design and its 4in display is pin-sharp. The iPhone operating system is elegant and more intuitive than rivals. The camera is 8MP, not as high resolution as some, but the fastest on test. There’s a fingerprint sensor for extra security. From £549, store.apple

10 best smart phones

Motorola Moto G

If you’re upgrading to your first smart phone, this slick, good-value model is one to consider. It has a screen that’s bigger than the iPhone 5s at 4.5ins, and higher resolution. £119.95, amazon

10 best smart phones

HTC One (M8)

This year’s model is slick and beautiful with an all-metal back. The camera has just 4MP resolution but the sensor is bigger and better at sucking in light and has two lenses to record extra data for further effects. We like the Android’s attractive and user-friendly software, particularly the gesture controls so you can answer a call just by picking it up. £529.95, carphonewarehouse

10 best smart phones

Sony Xperia Z2

The new 5.2in-display Sony is solid, handsome and waterproof, so you can text in the bath. The camera is very strong – 20.7MP. The audio is also great thanks to special headphones with the phone that have digital noise-cancelling. £599, shop.sonymobile (available for pre-order)

10 best smart phones

Nokia Lumia 1020

This is one for photo aficionados. It has a 41MP sensor: the results are stunning. It uses the Windows Phone operating system. For us, the highlight is the fact that maps are available for free download, so you can use the phone as a satnav abroad with no data charges. £479.99, shop.o2

10 best smart phones

Apple iPhone 5c

Apple’s lower-priced handset has a glossy plastic case that looks and feels anything but cheap. The screen is the same as on the pricier 5s and the operatingsystem is identical. The main point of difference is it’s not quite as fast as on the 5s. From £429, store.apple

10 best smart phones

Yotaphone

Along with a regular 4.3in screen, the back of this phone is a display as well, a monochrome e-ink one, like on a Kindle e-reader. This screen uses no power except when the content changes so you can save data there and it’s safe even if you run out of juice. £419, yotaphone

10 best smart phones

Motorola Moto X

Uniquely, this phone responds when you say “Okay Google Now” even when it’s on standby. Then it’ll answer your spoken question. It has a good 4.7in screen and you can launch the 10MP camera by a flick of the wrist. £319.95, phones4u

10 best smart phones

Nokia Lumia 1520

This is a 6in-screen mobile making it ideal for e-book reading and web surfing. The display, like the Nokia Lumia 1020, is designed to be easy to read even in bright sunlight. You can wake the screen by tapping it and even use it with gloves on. £352, amazon

The researchers say that any hacker who can acquire user-level access and run a program as a root, the lowest level of access on computers and smartphones, could collect fingerprint information from affected Android phones.

The Samsung Galaxy S5, they said, would be a particularly tempting target as malware needs only system-level access.

Speaking to Forbes, Zhang said: “If the attacker can break the kernel (the core of the Android operating system), although he cannot access the fingerprint data stored in the trusted zone, he can directly read the fingerprint sensor at any time.

“Every time you touch the fingerprint sensor, the attacker can steal your fingerprint.”

He said that once the attacker had acquired the fingerprint, they could then do “whatever they want” with the phone.

These claims will add to security concerns surrounding biometrics, set to become the standard form of authentication for mobile devices.

Apple’s Touch ID was broken into by a Berlin hacker group known as the Chaos Computer Club in 2013.

In video posted to YouTube they showed how they could register an index finger on the phone and then, by covering the same hand’s middle finger with a piece of latex with the spoofed index finger print, access the phone in seconds.

Wei and Zhang said that all Android phones below the 5.0 operating system with fingerprint authentication were affected.

Though they said that their testing had not gone beyond testing Android devices, they said that the issue was likely to be more widespread.

Other Android devices that use fingerprint sensors include the HTC One Max, the Motorola Atrix, the Samsung Galaxy Note 4 and Edge, the Galaxy S6 and the Huawei Ascend Mate 7.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies