Wiping your fingerprints won’t do you any good in this day and age. During the Black Hat conference on Wednesday, security researchers presented findings that reveal hackers can remotely obtain fingerprints from Android devices that use biometric sensors.
At the moment, FireEye scientists Tao Wei and Yulong Zhang say the threat is specific to Android smartphones that use a fingerprint sensor, which limits the number of vulnerable devices. Though companies like Samsung, Huawei, and HTC currently produce Android devices with those sensors, Apple still has a significant hold on the market. Its Touch ID sensor has proven to be more secure because it encrypts data gleaned from the scanner.
“Even if the attacker can directly read the sensor, without obtaining the crypto key, [the attacker] still cannot get the fingerprint image,” Zhang told ZDNet.
Android users, however, are not so lucky: The researchers detected four methods of attack, the most disconcerting of which could remotely hack the sensor and steal any fingerprint that it encounters. Called the “fingerprint sensor spying attack,” it would allow a hacker to continuously use fingerprint data however they please. Wei and Zhang tested the hack on the HTC One Max and Samsung’s Galaxy S5 phones.
By 2019, industry watchers predict that more than half of smartphones will have fingerprint sensors—which means phone makers must improve their device security.