Samsung Galaxy S5 Watch Thread

[MrCrispy]

The thing is that TouchID is pretty much the only reason Apple advertises as the reason to upgrade to the 5S. The newer SoC etc is irrelevant to most people, they just look at the ads which show fingerprint sensor.

Samsung doesn't sell the S5 based on it having a fingerprint sensor, its just a tiny feature which they don't even talk about very much.

TouchID is the cornerstone of Apple's upgrade lineup. They held it back from the iPad Air and iPad Mini just so they could add it to this years lineup (with a AB cpu) and have a new model.

 

[Aurelius]

Not too difficult to comprehend. It took two days after iPhone 5S launch. So, based on that it took them five days after Galaxy S5 launch using the same technique they already refined.

I never said "perfect" but "more secure" so go back and reread my post. In one of my other posts I wanted someone to give them a S5 to see how long it would take them because I knew it would be longer.

Requiring a passcode can easily be added via software.

Anyone who deals with security knows there's no such thing as perfect unbreakable security. You can only increase the time and/or resources required to break something but anyone with more resources and/or time like the government can break it.

There's a basic error in logic here. This isn't a software crack, where it takes extra effort to achieve the same feat. It's a simple matter of when someone bothered to test the vulnerability and make it public. As I mentioned earlier, SR Labs relied on the exact same mold it had used to break the iPhone 5s; all it had to do was have the person behind the fingerprints register with the GS5 and check things out.

Hopefully, Samsung tightens its security in software. The real question is: if Samsung put the reader in as a response to what Apple did, why didn't it take lessons from that implementation and put in passcode requirements? I suspect it will now...

 

[mi7chy]

Hopefully, Samsung tightens its security in software. The real question is: if Samsung put the reader in as a response to what Apple did, why didn't it take lessons from that implementation and put in passcode requirements? I suspect it will now...

Hopefully, Samsung doesn't keep changing it so it stops working like Apple did...

From: Apple planning to release software update to fix Touch ID fading issue
http://www.iphonehacks.com/2014/02/apple-release-ios-software-update-fix-touch-id-fading-issue.html

To: Touch ID doesn't work after iOS 7.1 Update
https://discussions.apple.com/thread/5982552?tstart=0

Apple has achieved perfect fingerprint security.

 

[Aurelius]

Hopefully, Samsung doesn't keep changing it so it stops working like Apple did...

From: Apple planning to release software update to fix Touch ID fading issue
http://www.iphonehacks.com/2014/02/apple-release-ios-software-update-fix-touch-id-fading-issue.html

To: Touch ID doesn't work after iOS 7.1 Update
https://discussions.apple.com/thread/5982552?tstart=0

Apple has achieved perfect fingerprint security.

Yeah, that's a problem (though not a universal problem, from the sounds of it). Still, don't deny it: you've been trumpeting the GS5 as having superior fingerprint reading methodology for the past couple of months, and that's been completely shot down.

 

[Trimlock]

I sure as hell wouldn't trust it.

 

[MrCrispy]

I sure as hell wouldn't trust it.

But would you use it as a convenience. Its a hell of a lot more secure than not having a lock (like lots of people do), using a weak password etc. IMO if someone goes to the trouble of spoofing your fingerprint data, they're already determined enough to break in and are not a casual thief.

 

[Arizonian7]

The S5's fingerprint scanner and heart rate monitor ARE reasons why people but the S5 believe it or not.

Most people would say they're not features they'll use everyday but they're intrigued to but it because of the extra hardware features.

I mean when you have 2 phones, the SGS5 and the HTC One M8, the former has both a fingerprint scanner and a heart rate monitor while the latter doesn't have either feature. They both cost roughly the same. Most people would go for the SGS5 based on the number of features offered alone. The number of features offered on a phone has a direct correlation to sales.

 

[Trimlock]

But would you use it as a convenience. Its a hell of a lot more secure than not having a lock (like lots of people do), using a weak password etc. IMO if someone goes to the trouble of spoofing your fingerprint data, they're already determined enough to break in and are not a casual thief.

Yes but looking at how unreliable it is I doubt I'd ever use it.

 

[Justintoxicated]

But would you use it as a convenience. Its a hell of a lot more secure than not having a lock (like lots of people do), using a weak password etc. IMO if someone goes to the trouble of spoofing your fingerprint data, they're already determined enough to break in and are not a casual thief.

Maybe, but I'm always like "Hey Crystal, can you look up blah blah" while I am driving? She has my password so it's no problem. Not going to be the same if your the only person who can unlock it. I guess it goes both ways, but its' not a feature I would use.

 

[Erasmus354]

The S5's fingerprint scanner and heart rate monitor ARE reasons why people but the S5 believe it or not.

Most people would say they're not features they'll use everyday but they're intrigued to but it because of the extra hardware features.

I mean when you have 2 phones, the SGS5 and the HTC One M8, the former has both a fingerprint scanner and a heart rate monitor while the latter doesn't have either feature. They both cost roughly the same. Most people would go for the SGS5 based on the number of features offered alone. The number of features offered on a phone has a direct correlation to sales.

I would argue that, at least for me, removable battery and water resistance are much more important in my buying decisions. That is weighed against superior material quality of the M8.

 

[MrCrispy]

Maybe, but I'm always like "Hey Crystal, can you look up blah blah" while I am driving? She has my password so it's no problem. Not going to be the same if your the only person who can unlock it. I guess it goes both ways, but its' not a feature I would use.

In this case you'd also have her register her fingerprint to unlock.

 

[KENNYB]

Wow! I'm sold on the S5 (even though I already own Note 3) and Gear Fit (gorgeous and perfect use of curved display). Not so much on the Gear 2.

I noticed they implemented the fingerprint scanner correctly and more securely than iPhone 5s. It looks like it uses a strip that requires a swipe versus leaving a full fingerprint on the iPhone 5s than can be lifted to gain unauthorized access.

ahaha hahahahaha!!!

 

[Trimlock]

In this case you'd also have her register her fingerprint to unlock.

I feel like I should make another NSA joke here.

 

[mi7chy]

ahaha hahahahaha!!!

Is that a laughter of ignorance? If the owner uses his opposite non-phone operation hand for authentication how are you going to lift a clear fingerprint from the S5's non-glass back surface or even from the front glass side when it's smudged by the swiping action? In comparison, a full clear fingerprint is conveniently available right on the Touch ID button and it's recessed so not easily rubbed off from, for example, sliding it in and out of pocket.

 

[KENNYB]

Is that a laughter of ignorance? If the owner uses his opposite non-phone operation hand for authentication how are you going to lift a clear fingerprint from the S5's non-glass back surface or even from the front glass side when it's smudged by the swiping action? In comparison, a full clear fingerprint is conveniently available right on the Touch ID button and it's recessed so not easily rubbed off from, for example, sliding it in and out of pocket.

Yes, yes it is. I'm laughing at your entire ignorant post. I don't know why you keep mentioning that it took 5 days to defeat the fingerprint reader in the S5. All the news I read said 4 days. Maybe CCC would do it in less. More comedy:

As was the case with last September's Touch ID hack, the attack on Samsung's fingerprint reader used a "wood glue spoof" made from an etched PCB mold. The spoofed fingerprint was crafted by taking a camera-phone photo of an unprocessed latent print smudge left on a smartphone screen. Interestingly, the spoof was left over from work Schlabs did when researching Apple's Touch ID. For reasons he has yet to precisely determine, the spoof doesn't work against an iPhone, but it had no problem unlocking the S5.

 

[HardUp4HardWare]

...the laughter of ignorance....

Man, the stuff I read here....

 

[mi7chy]

Why bring up the time difference when that's not what you even replied to but anyhow...

iPhone 5S was released on 9/20/2013 and the fingerprint compromise was announced 9/21/2013 so that's two days.

http://www.ccc.de/en/updates/2013/ccc-breaks-apple-touchid

Samsung S5 was released on 4/11/2014 and the compromise was announced 4/15/2014 so five days.

http://youtu.be/sfhLZZWBn5Q

And, you're still avoiding answering the question to what you replied to of how to get a clear fingerprint off of the S5 when using the opposite non-phone operation hand which is common sense if not standard protocol. Obviously, more difficult with the Galaxy S5's swipe reader and non-glossy back versus the iPhone 5S' press and lift reader and glossy back.

 

[KENNYB]

Why bring up the time difference when that's not what you even replied to but anyhow...

iPhone 5S was released on 9/20/2013 and the fingerprint compromise was announced 9/21/2013 so that's two days.

http://www.ccc.de/en/updates/2013/ccc-breaks-apple-touchid

Samsung S5 was released on 4/11/2014 and the compromise was announced 4/15/2014 so five days.

http://youtu.be/sfhLZZWBn5Q

And, you're still avoiding answering the question to what you replied to of how to get a clear fingerprint off of the S5 when using the opposite non-phone operation hand which is common sense if not standard protocol. Obviously, more difficult with the Galaxy S5's swipe reader and non-glossy back versus the iPhone 5S' press and lift reader and glossy back.

I'm not avoiding that question. You're premise is ridiculous. You're stating that a person should never touch the front of their phone with the one digit that can unlock their phone. And this is supposed to be standard protocol? Hahahaha... And since you want to mention common sense how about wiping the front of the phone after unlocking?

Furthermore, the S5 was susceptible to a flaw that didn't affect the iPhone. Did you forget to read that part?
And furthermore again since once wasn't enough, Samsung didn't learn from Apple that the fingerprint reader would probably be bypassed quickly. Nope, lets tie that thing to Paypal! Even Apple limited the damage (so far) to iTunes.
And furthermore for the third time, if an iPhone user would to use a finger from the hand that will never touch the home button, the next home button press using the hand that does use the phone would overwrite (haha) the last fingerprint smudge on the sensor.

 

[mi7chy]

You're rambling on and on incoherently.

You need to clue up on the fact that there's no perfect security but there exists stronger and weaker security and best practices to reduce the threat window.

Swipe scanner is more secure since it less likely to guarantee a liftable fingerprint than with press and lift scanner.

Establishing a process to use the opposite hand to avoid leaving liftable fingerprints is a better practice than remembering to wipe after every single use. The only time you should wipe every time is after you take a crap.

And, what you quoted regarding using a fingerprint previously lifted off of the iPhone 5S isn't valid because again:

1) iPhone 5S press and lift scanner leaves a liftable fingerprint regardless of what limb you use

2) it wasn't taken from Galaxy S5 swipe scanner that is far less likely to leave a liftable fingerprint along with best practice further reducing the threat window by using the opposite hand for authentication

With Paypal they can enable bi or tri-factor (what you are (biometric), what you know (password) and what you have (token)) to reduce the threat window or opt out.

Based on your premise we should stop using technology since there's no perfect security but yet you use your computer, web servers, credit card, etc.

Keep laughing with your pants down.

 

[Arizonian7]

I'm not avoiding that question. You're premise is ridiculous. You're stating that a person should never touch the front of their phone with the one digit that can unlock their phone. And this is supposed to be standard protocol? Hahahaha... And since you want to mention common sense how about wiping the front of the phone after unlocking?

Furthermore, the S5 was susceptible to a flaw that didn't affect the iPhone. Did you forget to read that part?
And furthermore again since once wasn't enough, Samsung didn't learn from Apple that the fingerprint reader would probably be bypassed quickly. Nope, lets tie that thing to Paypal! Even Apple limited the damage (so far) to iTunes.
And furthermore for the third time, if an iPhone user would to use a finger from the hand that will never touch the home button, the next home button press using the hand that does use the phone would overwrite (haha) the last fingerprint smudge on the sensor.

But the iPhone's fingerprint scanner is more hackable than the Galaxy S5's fingerprint scanner.

Let's not forget that.

 

[KENNYB]

You're rambling on and on incoherently.

You need to clue up on the fact that there's no perfect security but there exists stronger and weaker security and best practices to reduce the threat window.

You're the one making bold statements that Samsung did its fingerprint reader "correctly".

Swipe scanner is more secure since it less likely to guarantee a liftable fingerprint than with press and lift scanner.

And this does nothing if a print is on the device somewhere else. Like oh say the giant screen.

Establishing a process to use the opposite hand to avoid leaving liftable fingerprints is a better practice than remembering to wipe after every single use. The only time you should wipe every time is after you take a crap.

And, what you quoted regarding using a fingerprint previously lifted off of the iPhone 5S isn't valid because again:

1) iPhone 5S press and lift scanner leaves a liftable fingerprint regardless of what limb you use

2) it wasn't taken from Galaxy S5 swipe scanner that is far less likely to leave a liftable fingerprint along with best practice further reducing the threat window by using the opposite hand for authentication

Since this part went over your head let me give you an example.
1. Register pinky with TouchID. This is probably the least likely to be used digit on a smartphone.
2. Unlock phone using pinky.
3. Starting using iPhone. It's highly likely the home button will be used during normal use. Pink print will be overwritten.

Since you've probably never used an iPhone you don't know that the home button is used all the time.

With Paypal they can enable bi or tri-factor (what you are (biometric), what you know (password) and what you have (token)) to reduce the threat window or opt out.

Using a strong password is still much, much stronger than using your fingerprint. Why add a deadbolt to a door lock if I've already added a barricade?

Based on your premise we should stop using technology since there's no perfect security but yet you use your computer, web servers, credit card, etc.

You're getting bent out of shape because you predictions were ridiculous. If we were discussing "best" practices we would be discussing device encryption that require pin codes that will lock the device if too many invalid log in attempts. Wait a second, didn't Samsung forget to lock the device if too many invalid finger swipes are attempted?

But the iPhone's fingerprint scanner is more hackable than the Galaxy S5's fingerprint scanner.

Let's not forget that.

More hackable how? Did you not read this?

As was the case with last September's Touch ID hack, the attack on Samsung's fingerprint reader used a "wood glue spoof" made from an etched PCB mold. The spoofed fingerprint was crafted by taking a camera-phone photo of an unprocessed latent print smudge left on a smartphone screen. Interestingly, the spoof was left over from work Schlabs did when researching Apple's Touch ID. For reasons he has yet to precisely determine, the spoof doesn't work against an iPhone, but it had no problem unlocking the S5.

 

[KENNYB]

http://www.spiegel.de/international/world/german-hacker-group-ccc-compromises-iphone-fingerprint-sensor-a-923910.html



Not too difficult to comprehend. It took two days after iPhone 5S launch. So, based on that it took them five days after Galaxy S5 launch using the same technique they already refined.

It didn't take SRLabs 5 days to defeat the Samsung fingerprint reader. SRLabs reused the mold from last October's attempt to bypass TouchID. Look here for proof. What are you going to say now? That it took 5 days for this to be reported so it really took them 5 days to do the bypass? The only thing you have left to argue is it could have taken SRLabs forever to make the mold. LOL

 

[Justintoxicated]

In this case you'd also have her register her fingerprint to unlock.

Ahh good point haha. Shhhhh she might find this post!

 

[MrCrispy]

I feel like I should make another NSA joke here.

They already have all your biometrics </tinfoil>

 

[Arizonian7]

More hackable how? Did you not read this?

Again you're just cherry-picking articles and not seeing the whole picture.

The iPhone 5S fingerprint system was hacked in 2 days after release.

The Samsung Galaxy S5 fingerprint system was hacked 5 days after release.

I don't know why you're so pro-Apple but did you know that buying Apple products indirectly supports Samsung profits?

Did you know most of the components of the iPhone 5S including the CPU (the most expensive component of the iPhone 5S) are manufactured by Samsung?

 

[CHANG3D]

First of all, they hacked it faster than 5 days, they just didn't publish an article on it till later. Second, you guys debate between fail and more fail again, with the source you're quoting saying Samsung is the more fail of the two. Once again, fail and fail. It's not the special Olympics where effort wins.

 

[Thuleman]

Isn't all of this a moot point anyway?
Is anyone actually using the fingerprint sensor?

 

[mi7chy]

using pinky

Bad idea. Men don't stick out their pinky in public.

I think that concludes this discussion.

 

[Aurelius]

Isn't all of this a moot point anyway?
Is anyone actually using the fingerprint sensor?

I don't think a majority necessarily would, but goodness knows it's handy if you want a decent lock on your phone that's faster to unlock than a PIN code.

 

[Trimlock]

I don't think a majority necessarily would, but goodness knows it's handy if you want a decent lock on your phone that's faster to unlock than a PIN code.

It is subjective, there are a ton of popular cases that places a film cover over the home button. With my wife's case it makes it a pain to unlock but let me tell you that lifeproof makes some serious awesome cases.

 

[rudy]

Isn't all of this a moot point anyway?
Is anyone actually using the fingerprint sensor?

Hundreds of thousands to millions of people use banking, credit card or other websites on their phone as well as accepting payments through credit card processing. I would think all of these people should be using this and would appreciate it. I would not even be surprised if credit card processors started to make it a requirement for a lower rate.

 

[mi7chy]

A higher level of security is achieved using a combination of what you have (token), who you are (biometric) and/or what you know (password).

Of the three, it's been proven that password is relatively weakest since it can be remotely compromised by, for example, phishing so the industry is moving away from it as a sole method of authentication. Between the remaining two, biometric is weaker since fingerprint can left on everything that is touched and it has a limit of ten changes from the number of fingers normally available but, on the other hand, the threat is reduced from remote to local to get access to your fingerprint. Token can be lost or stolen but has the benefits of being disabled and replaced and, again, the threat is reduced to local so the relative security is greater of the three. Still, the last two alone still leave uncomfortable room for exposure so a good compromise is to combine them. Use phone as a token since it has unique IMEI/ESN and telephone number along with biometric fingerprint as long as it doesn't use a fingerprint system that exposes an easily liftable fingerprint like Touch ID press and lift on recessed glass.

So, Motorola Atrix had it right all along but the industry wasn't prime until Samsung S5 came along. With that said there's still much room for further improvement in biometric. We need to move beyond biometric fingerprint towards perhaps DNA that is not easily left behind nor collectable such as something like exhale vapors.

 

[Trimlock]

The Atrix's implementation would of taken off if it was reliable and had some sort of OEM software support behind it.

 

[CHANG3D]

Man, that same talking point written by a speech writer over and over. Anyone else not think this is fishy?

 

[mi7chy]

CHANG 3D, nothing can be as fishy as you repeatedly claiming .40/lb recycled aluminum is premium or Sprint.

 

[KENNYB]

I think that person is a shill. No amount of reason can change a shill's opinion. Despite evidence a shill will yell LALALALALALA.

 

[CHANG3D]

I see no point to even respond to his juvenile attempts to attack me, especially when he obviously can't comprehend 8 words correctly. Anyone also notice him and arizonian7 posting the same things over and over? I really wish Samsung just get an official member here like SilverstoneTek and BitFenix does etc instead of doing this ridiculous "grassroot" campaign.

BTW, I'm still waiting for an answer on why a motherboard isn't an electronic component.

 

[mi7chy]

You two want milk and cookies to make you feel better? Try to stick to the discussion and attempt to be coherent instead of resorting to labeling people troll, shill, whatever when you have nothing useful to offer.

 

[Aurelius]

You two want milk and cookies to make you feel better? Try to stick to the discussion and attempt to be coherent instead of resorting to labeling people troll, shill, whatever when you have nothing useful to offer.

Pot, kettle, black.

As of late, your posts do nothing but praise Samsung to the high heavens, whether or not it's deserved; when you're invariably caught making a major mistake or lying (which is often), you change the subject or restate your false claim as if it were an unquestioned fact. Heck, just earlier you purposefully skipped over the iPhone 5s' fingerprint reader, which is the only reason the GS5 even has such a reader in the first place.

In an intelligent, informed discussion, you're willing to accept that your platform of choice is not always the best, and that someone else did something first or better. It'd be great to see that from you for a change.

 

[mi7chy]

Learn not to be so insecure and sensitive when others share their experience and opinion. And, the same advice applies to refrain from labeling someone shill, troll, etc. which is a common occurrence out of your mouths when others post something you disagree with.