hacking fingerprint scans on android

If you think fingerprint scanners or sensors are more secure, you may be wrong. Some hackers believe that there are several ways to hack those fingerprints according to a new research presented recently at the Black Hat conference in Las Vegas. Tao Wei and Yulong Zhang, researchers at FireEye said there are new ways to hack Android devices and get the fingerprints.

I used to think that to get fingerprints to access different Android devices, you only need to just cut fingers. Okay, so that’s morbid and I’m never doing that but I knew it was only a matter of time before fingerprints can be hacked. Looks like that time has come although mostly for Android devices. Only a few manufacturers have phones with fingerprint sensors. There’s Samsung, HTC, and Huawei. The volume of iPhones with fingerprint sensors are higher now but there’s an estimate that a few years from now, half of all smartphones sold will have fingerprint sensor.

FireEye researchers shared four possible attacks. Tested on both the Samsung Galaxy S5 and HTC One Max is this “fingerprint sensor spying attack”.  According to one of the researchers, this method can “remotely harvest fingerprints in a large scale”. This was discovered to be possible because HTC and Samsung failed to fully lock down the sensor.

Another reason that can the phone a perfect target is the fact that the sensor is guarded by a “system” privilege instead of root. Once the hacker is able to get fingerprint data, “the attacker can keep using the fingerprint data to do other malicious things” according to Zhang.

Fortunately, these researchers-slash-hackers warned phone makers about this issue and so some solutions and patches are being released. Android devices are mainly the easy target while iPhone is “quite secure” as described by Zhang.

VIA: ZDnet