Android vulnerability can lead to stolen fingerprints "on a large scale"
Biometric security is on the rise as more manufacturers adopt advanced security systems. The most popular method is the use of fingerprint sensors, a technique that has proven to be among the most secure and accurate. But is it really the safest authentication technique?
According to researchers Tao Wei and Yulong Zhang, from FireEye, there is a significant vulnerability in Android devices with fingerprint sensors, which can lead to mass fingerprint data theft.
This research was to be announced at the Black Hat conference in Las Vegas, and it’s said to include four methods hackers can use for stealing fingerprints. One of them is particularly worrisome. It is named the ‘fingerprint sensor spying attack’, and it can remotely steal fingerprint data “in a large scale”.
The attack has been confirmed on two popular smartphones – the HTC One Max and the Samsung Galaxy S5. This is not an isolated issue, though. It seems this is a problem that affects most Android smartphones with a fingerprint sensor, especially the popular ones from Samsung, HTC and HUAWEI.
The issue lies in the fact that most of these sensors are not fully protected at both the root and system level. Yulong Zhang goes on to mention that Apple’s iPhone is actually more secure, as it encrypts data from the scanner. Even if a hacker gains access to the reader, he would not be able to obtain a clean fingerprint image.
This news is especially bad right now, as we finally start to get over the Stagefright pandemonium. And an attack on this biometric information would be critical, because fingerprints are something that lasts a lifetime. Hackers would be able to harm you for an indefinite period of time.
It’s said affected manufacturers have patched the vulnerability by now, so you don’t have much to worry about. But the issue does continue to have relevance for future security concerns. As devices become more secure, we tend to trust them with more personal information and private data. This means that when we do get attacked, the results will be more significant.
What do you think? Should we trust our devices with our biometric data? Should we just dump these systems and stick to our antiquated PINs and passwords?