U.S. Senator Al Franken is concerned that Samsung’s Galaxy S5 may not be secure enough after researchers demonstrated that its fingerprint sensor is hackable.
In a letter to Samsung, Franken writes that security vulnerabilities discovered in the fingerprint scanner could create broader issues with the phone.
For example, Franken seems worried that since any user could send money through PayPal after being verified with a fingerprint, a thief could easily deplete one’s accounts if he or she hacks the biometric scanner.
Shortly after the Galaxy S5 hit stores, German researchers posted a video detailing how to get around the Galaxy S5’s fingerprint sensor.
Hackers did the same for Apple’s iPhone 5s after it debuted, but Franken said that the Galaxy S5’s fingerprint scanner is more troubling since it allows for unlimited attempts before forcing the user to enter a password.
Franken also pointed out the potential security risks in replacing a password with a fingerprint scan. Despite recent internet breaches such as the Heartbleed bug, the core idea of a password is that it’s a secret. Fingerprints, as Franken notes, are the opposite.
A clever con artist could easily lift your fingerprint off your phone’s screen, as Nicholas Percoco, vice president of strategic services at IT security firm Rapid7, said in a previous interview with Business Insider.
“The other thing is, you can’t change your fingerprints,” Percoco said. “So you really only have 10 shots.”
Franken posed a list of 13 security questions to Samsung regarding the S5 that he requested be answered within a month of receiving the letter. He also acknowledged that these questions are nearly identical to the ones he had asked Apple last year concerning the iPhone 5s.
“I’m not trying to discourage the adoption of fingerprint technology for consumer mobile devices,” he wrote. “If adopted with strong safeguards, this technology could prove to be convenient and beneficial.”