Your Fingerprint Could Be Stolen Remotely If Your Android Phone Has A Scanner

At the Black Hat conference on Wednesday, researchers revealed that fingerprint sensors on Android phones are vulnerable to hackers.

Wiping your fingerprints won’t do you any good in this day and age. During the Black Hat conference on Wednesday, security researchers presented findings that reveal hackers can remotely obtain fingerprints from Android devices that use biometric sensors.

At the moment, FireEye scientists Tao Wei and Yulong Zhang say the threat is specific to Android smartphones that use a fingerprint sensor, which limits the number of vulnerable devices. Though companies like Samsung, Huawei, and HTC currently produce Android devices with those sensors, Apple still has a significant hold on the market. Its Touch ID sensor has proven to be more secure because it encrypts data gleaned from the scanner.

“Even if the attacker can directly read the sensor, without obtaining the crypto key, [the attacker] still cannot get the fingerprint image,” Zhang told ZDNet.

Android users, however, are not so lucky: The researchers detected four methods of attack, the most disconcerting of which could remotely hack the sensor and steal any fingerprint that it encounters. Called the “fingerprint sensor spying attack,” it would allow a hacker to continuously use fingerprint data however they please. Wei and Zhang tested the hack on the HTC One Max and Samsung’s Galaxy S5 phones.

Industry watchers predict that by 2019 more than half of smartphones will have fingerprint sensors, which means phone makers must improve their device security.

[via ZDNet]
