Android Fingerprint Sensors Susceptible to ‘Large Scale’ Data Theft

While a wide range of smartphones now ship with a fingerprint scanner, it turns out that not all of them are as secure as you might be led to believe.

According to researchers at this year’s Black Hat Security Conference, several smartphones, including flagships, are susceptible to data theft. The vulnerability was demoed at the conference by Tao Wei and Yulong Zhang of security firm FireEye on the HTC One Max and the Samsung Galaxy S5.

The hack can allow attackers to ‘remotely harvest fingerprints on a large scale’. It mainly arises from the fact that companies such as Samsung and HTC don’t fully lock down these sensors, leaving the fingerprint information insecure on infected devices.

On some of these devices, the data is protected only by ‘system’ privilege instead of root, which makes it more hackable and, once a device is rooted, even easier to obtain. The hack is said to work on most recent Android phones with these scanners. With half of all smartphones said to come with the capability by 2019, the issue becomes more critical.

“To avoid being attacked by malware or being exploited for remote code execution, we suggest normal users to choose mobile device vendors with timely patching/upgrading to the latest version, and always keep your device up to date.”

However, if you are an iPhone user, then you are considerably better protected than your Android counterparts, since TouchID encrypts fingerprint data from the scanner.

Thankfully, the OEMs behind these devices have already been informed of this issue, so expect a solution in the future. More importantly, Google will be enhancing fingerprint security in the next update, Android M.
