U.S. Sen. Al Franken is raising questions about the security of Samsung’s Galaxy S5 smartphone in the wake of reports that its fingerprint scanner has been hacked.
In a letter to the South Korean electronics giant, the Minnesota Democrat expressed concern about the apparent security vulnerability and Samsung’s use of fingerprint technology beyond granting access to the device — such as sending money through PayPal.
“I am concerned by reports that Samsung’s fingerprint scanner may not be as secure as it may seem — and those security gaps might create broader security problems on the S5 smartphone,” Franken wrote. “I am writing to request information on how Samsung is addressing these and other privacy questions.”
Researchers in Germany demonstrated how to hack the Galaxy S5 using a rubber mold made from latent fingerprints lifted off the phone’s screen. They posted a YouTube video demonstrating the security flaw.
Apple’s Touch ID technology was similarly hacked, Franken noted in his letter. But unlike the competitor’s product, Samsung allows for unlimited attempts to access the device without requiring a password and permits the broad use of the fingerprint scanner to access apps. This, he notes, invites abuse by “bad actors.”
Franken posed more than a dozen questions to Samsung, inquiring how it secured the fingerprints, whether such data could be accessed remotely and how third-party applications interact with this biometric information. He also asked whether Samsung could assure its users that it would never share their fingerprints with any government, absent the proper legal authority and process, such as a warrant.
“I’m not trying to discourage adoption of fingerprint technology for consumer mobile devices,” Franken wrote. “Rather, my goal is to urge companies to deploy this technology in the most secure manner reasonable — and create a public record around how companies are treating sensitive biometric information.”