Aug 10, 2015 02:11 AM EDT
Android users, including those who use brands HTC, Huawei, and Samsung, should be wary: Another vulnerability has been exposed, and this time, it’s possibly the worst that hackers can do.
Researchers at FireEye reported that hackers can actually copy fingerprints off of Androids’ fingerprint sensors. The hackers can then use these copies of the fingerprint scans and use the identities over and over, for whatever security functions these can unlock.
FireEye researchers Yulong Zhang and Tao Wei demonstrated the vulnerability at the Black Hat 2015 conference, held in Las Vegas, Nevada, USA. At the security conference held last August 1 to 6, the FireEye researchers gave a briefing about the methods used in “fingerprint harvesting.” The fingerprint hack, now dubbed the “fingerprint sensor spying attack,” was blamed on the fact that vendors do not encrypt or “fully lock down” the sensors.
The hacks were already confirmed on the Samsung's Galaxy S5, as well as the HTC One Max.
These three brands, Huawei, HTC, and Samsung, were singled out because these are the brands that now ship with fingerprint sensors. By the year 2019, analysts project that fingerprint sensors will be the norm for mobile devices.
On the other hand, Apple enthusiasts may have reason to rejoice: The FireEye researchers have pointed out that for the moment, the iOS devices from Apple remain secure because of the encryption on their fingerprint sensor modules.
After the conference, reports have noted that the manufacturers have already been alerted, and patches were deployed to correct the vulnerability.
Let this be a warning to Android device manufacturers and users alike: Even high-security features such as the fingerprint sensor could be targets of a massive, remote hacking spree.
The researchers also noted that rooting and other methods used to unlock the Android’s kernel may increase the vulnerability.
Either users should avoid the function for the moment or avoid rooting their phones. Hopefully the fingerprint sensors will be more secure, straight out of the box, in the future.
Meanwhile, for those who are very conscientious about their devices’ security and encryption, it may be a good idea to consider anti-NSA-secure phones such as the Blackphone or Blackphone 2, instead.
2. Dec 21, 2019
Who Should Be Using a PowerPoint Design Agency?
3. Nov 13, 2019
Surveying the 4 Basic Kinds of CMM Machines
4. Nov 02, 2019
Color Theory Gets a Technology Makeover with Appy Pie's Color Wheel
1. Sep 20, 2019
5 Facts About Mobile App Development That Will Keep You Up At Night
2. Sep 09, 2019
Why Software is Key to Growing Your Cannabis Business
3. Sep 09, 2019
Why Android Remains at the Top of Its Game
4. Sep 02, 2019
Tips to Get Car Insurance for a Teen Driver