Research : Almost All Fingerprint Sensors on Android Mobiles Can Be Hacked
New reports suggest that our fingerprints are not as unique and safe for security, as we might have otherwise believed. This makes almost all Android smartphones in the future susceptible to getting hacked. Studies by FireEye researchers Tao Wei and Yulong Zhang have outlined new ways to attack an Android device to extract the user’s fingerprint.
As of now, this threat is said to be confined to Android devices like Samsung, Huawei and HTC devices. The research shows four outlines for these hacks, and one them called the “fingerprint sensor spying attack”, is said to be able to “remotely harvest fingerprints on a large scale,” says Zhang.
Reports suggest that the two devices that have been hacked are – the HTC One Max and Samsung’s Galaxy S5. This happens because the device doesn’t fully lock down the sensor, allowing the hacker to acquire a fingerprint image.
“In this attack, victims’ fingerprint data directly fall into attacker’s hand. For the rest of the victim’s life, the attacker can keep using the fingerprint data to do other malicious things,” Zhang said.
As we know before fingerprint technology was used for mobile payments and unlocking devices, it had been previously used for identity, immigration, and for criminal records. However, researchers have not mentioned which device is more secure than the other, although they have mentioned that the iPhone is “quite secure” as it is encrypted by a fingerprint data from the scanner. So, “even if the attacker can directly read the sensor, without obtaining the crypto key, [the attacker] still cannot get the fingerprint image,” he said.
Research also says that this hack is susceptible to high-end laptop users with fingerprint sensors and advice users to use devices that are regularly updated and install apps only from reliable sources.
Source:[tw-button size=”medium” background=”#07ABE2″ color=”” target=”_blank” link=”http://www.zdnet.com/article/hackers-can-remotely-steal-fingerprints-from-android-phones/”] Zdnet[/tw-button]