Samsung Galaxy S5 fingerprint scanner hacked using “wood glue spoof”

Published 16 Apr 2014

Just like the iPhone 5S, the Galaxy S5 also comes with a fingerprint scanner integrated into the home button. The use of a fingerprint scanner allows OEMs and users to make their devices more secure without requiring users to remember a complex PIN or password. However, as it turns out, the Galaxy S5 fingerprint scanner can be easily hacked in the same way the iPhone’s Touch ID sensor was hacked six months ago.

The hack was conducted by the folks over at Security Research Labs, who used a “wood glue spoof” made from a PCB mold. The team used a fingerprint from the touchscreen of a mobile device and captured it using a mobile camera.

On the iPhone 5S, Touch ID only allows users to unlock the phone and confirm App Store purchases, but on the S5, users can also confirm and make payments via the pre-loaded PayPal application using the fingerprint sensor. This puts S5 owners at greater risk than iPhone owners.

Also, unlike iOS, Samsung does not require users to enter a PIN after multiple failed attempts at unlocking the phone via the fingerprint scanner, which again puts S5 users at higher risk.

In response to this hack, PayPal issued the following statement:

“While we take the findings from Security Research Labs very seriously, we are still confident that fingerprint authentication offers an easier and more secure way to pay on mobile devices than passwords or credit cards. PayPal never stores or even has access to your actual fingerprint with authentication on the Galaxy S5. The scan unlocks a secure cryptographic key that serves as a password replacement for the phone. We can simply deactivate the key from a lost or stolen device, and you can create a new one. PayPal also uses sophisticated fraud and risk management tools to try to prevent fraud before it happens. However, in the rare instances that it does, you are covered by our purchase protection policy.”

While the fingerprint hack above may seem over-the-top and impractical to many, it is quite feasible in a corporate environment, where hackers could cause damages worth millions of dollars to companies by hacking their way through the fingerprint scanner.

[Via ArsTechnica]