A German security lab that was responsible for the iPhone fingerprint hack has gone public with information that the same hack works on the Samsung Galaxy S5 fingerprint reader. The process uses a lifted print over a fake finger made of rubber to fool the system into granting access to the phone.
The hack is more crucial for Android because the OS does not require a password at all if fingerprint security is configured. Apple iOS devices with fingerprint security still require a password each time the device is rebooted.
Even worse, the fingerprint reader on the S5 can be configured to work seamlessly with Paypal. So an attacker using the lifted print spoof would be able to directly access and move funds from a Paypal account that was configured to use the fingerprint reader.