The Galaxy S5’s fingerprint sensor has been deemed less secure than the iPhone 5s’ Touch ID, as Samsung has failed to implement failsafe techniques to prevent stolen devices from being unlocked with a faked print.
According to Berlin-based SR Labs, Samsung’s implementation of its Synaptics-based fingerprint sensor “leaves much to be desired.” Last October, SR Labs reproduced a finger imprint using high-resolution sensors, a piece of glass, and a ceramic mould. While such a reproduction would be time-consuming and expensive, Apple’s implementation was given some credit for forcing users to intermittently enter a password to continue using Touch ID for authentication. Samsung, on the other hand, allows for “seemingly infinite authentication attempts,” even in apps like PayPal, with which the Korean OEM partnered for payments.
PayPal has released a statement saying that because the payment authentication uses a crytographic key, which relies on a user’s password, in addition to the fingerprint itself, for authentication, the company can remotely de-activate fingerprint activation from the app if the device is stolen. SR Labs impresses upon Samsung to be more vigilant with its fingerprint sensor implementation, as it leaves devices more open to spoofing than any other currently on the market.