Though Galaxy S4 and Galaxy S5 started receiving Android 5.0 update, latest research seems to discourage going through the 5.0 as it revealed a weak security. Even with fingerprint ID systems, phones running Android 5.0 can allow hackers steal personal information, and be used elsewhere, with the Galaxy S5 as the easiest to attack.
Galaxy S4 and S5 receives Android 5.0 update
Sprint started releasing over-the-air Android 5.0 update for Samsung Galaxy S4 Spark LTE, which will bring features such as the new Material Design, and improvements in performance and battery life.
The Samsung Galaxy S5 also received latest Android 5.0 update. So far, reports observed that the Lollipop upgrade is consistent. Subscribes of T-Mobile, Verizon, Sprint, AT&T, and U.S. Cellular can expect the Android 5.0 to come in their Galaxy S5 devices.
Android 5.0 weak security
However, it seems that it may not be helpful to update to Android 5.0 as recent reports mentioned that hackers can steal copies of fingerprints used to unlock Galaxy S5 phones. Security firm FireEye reportedly found a flaw in Android that "makes it possible to steal the personal information so it can be used elsewhere." They also said that other Android phones that use fingerprint ID systems can have this kind of flaw.
Yulong Zhang and Tao Wei learned the possibility of grabbing identification data before the device gets locked, and said that it is common on phones running Android 5.0 and older Android OS versions. These operating systems are said to allow attackers getting high level access to the Android phones, especially the Galaxy S5, which doesn't need a deep access of it. The two also said that only S5's memory is needed to reveal the finger scan data.
By using this information, the attackers can trick the device owner as if they are swiping to unlock the phone when they are "actually authorizing a payment." More than that, it was also found out that hackers can "upload their own fingerprints."
Mr. Zhang said that updating to the latest Android 5.1.1 version should remove the vulnerabilities. The researchers' findings are set for a presentation at the RSA security conference in San Francisco on April 24, and Samsung is said to be investigating about it.
Android 5.1.1 updates currently for Nexus only
Currently, only Nexus devices are having Android 5.1.1 updates. Nevertheless, it is expected that other Android-supported devices will start receiving the version 5.1.1 "over the next few weeks."
Join the Conversation