Samsung introduced an additional security feature, the fingerprint sensor in the Galaxy S5, which can also be used to make Paypal payments as well. Paypal announced the service is active in 25 countries — unfortunately, Verizon disabled the service on their Galaxy S5 variant.
It’s bee less than a week since the device went on sale, and it has been hacked already. This also puts the Paypal payment system at risk of being used by hackers to make payments.
Apple’s Touch ID system was also hacked a few days after it’s release, but it’s not as dangerous as the one found in the Samsung Galaxy S5 since it can be used to make payments through Paypal as well.
This is a security risk, and Paypal has provided the following statement to the folks at BGR regarding this issue,
While we take the findings from Security Research Labs very seriously, we are still confident that fingerprint authentication offers an easier and more secure way to pay on mobile devices than passwords or credit cards. PayPal never stores or even has access to your actual fingerprint with authentication on the Galaxy S5. The scan unlocks a secure cryptographic key that serves as a password replacement for the phone. We can simply deactivate the key from a lost or stolen device, and you can create a new one. PayPal also uses sophisticated fraud and risk management tools to try to prevent fraud before it happens. However, in the rare instances that it does, you are covered by our purchase protection policy.
The bug was discovered by the German security blog H Security, who also posted a video of how it works. Here’s a video showing the exploit in action.
Source: BGRFiled Under: Mobile Phone News, Top News