Android Fingerprint Scanners Vulnerable To Hacking – OEMs Fix Flaw


There is a lot of news coming out of the Black Hat conference in Las Vegas, including a new flaw discovered by hackers that targets Android fingerprint scanners. Hackers used four different methods to hack Android phones with fingerprint scanners and demoed how the user’s data could be stolen. Android OEMs with fingerprint scanners include Huawei, Samsung and HTC and, fortunately, they have all addressed the issue and already patched the flaw, thanks to the researchers giving them the information ahead of time.

Of the four attacks outlined by the researchers, one in particular — dubbed the ‘fingerprint sensor spying attack’ — can ‘remotely harvest fingerprints in a large scale,’ Zhang told ZDNet by email.
The threat is for now confined mostly to Android devices that have fingerprint sensors, such as Samsung, Huawei, and HTC devices, which by volume remains low compared to iPhone shipments.
‘Unlike passwords, fingerprints last a lifetime and are usually associated with critical identities,’ the researchers wrote.
‘Thus, the leakage of fingerprints is irredeemable.
‘It will be even a disaster if the attackers can remotely harvest fingerprints in a large scale.’
The pair promise their talk will ‘We will show live demos, such as hijacking mobile payment protected by fingerprints, and collecting fingerprints from popular mobile devices.
‘We will also provide suggestions for vendors and users to better secure the fingerprints.’

While there are a fair number of hackers whose intentions are malicious, these events are very important because the hackers who aren’t malicious are helping companies patch potential security risks. If these hackers had not notified Samsung, Huawei and HTC, the flaw would have remained a problem and could have escalated into something much larger. Thankfully the fix is in place and these OEMs have learned a new lesson.


  Source: Daily Mail