Researchers claim they have 'hacked' the new Samsung Galaxy S5's built-in fingerprint sensor, and can use it to steal money.
Like other smartphones such as the iPhone 5S, the new S5 has a fingerprint sensor built into the home button.
By swiping a finger down the sensor it is possible to unlock the phone or pay for things with PayPal.
(At least, in theory. In practice we found the fingerprint sensor isn't all that reliable, often requiring multiple swipes to unlock.)
Now there might be another reason not to use it: it's really easy to fool.
A team at the Berlin-based Security Research Labs has been able to easily make a fake fingerprint with glue, and use it to unlock the phone.
The same method was able to fool the iPhone 5S - but the problem with the Galaxy S5 is theoretically more serious, because of Samsung's plan to integrate it with PayPal so you can pay for real-world things with your fingerprint.
However the researchers admit their method is complex and a little arcane. Whether you're at serious risk depends really on how paranoid you are - and whether you think a thief would go to all that trouble to spoof your ID when they could just, for instance, sell your stolen phone.
PayPal added that any purchases made fraudulently were covered by its purchase protection policy:
"PayPal also uses sophisticated fraud and risk management tools to try to prevent fraud before it happens. However, in the rare instances that it does, you are covered by our purchase protection policy."