A number of new Android smartphones now feature fingerprint sensors for user authentication and payment features. In fact Android M, the next iteration of Google’s operating system will feature OS-level support for fingerprint sensors.
However, it looks like these sensors are susceptible to hacking leaving the users’ fingerprints vulnerable to being compromised.
According to a report by ZDNet, a new research by FireEye researchers Tao Wei and Yulong Zhang outlines how fingerprints can be extracted from Android phones.
Zhang calls the attack method ‘fingerprint sensor spying attack,’ and mentions that it can “remotely harvest fingerprints on a large scale.”
Device makers have already issued security patches to fix the vulnerability as per the report, however, researchers noted that Apple’s iPhone is ‘quite secure’ and encrypts fingerprint data. Attackers will not be able to get any fingerprint data from an iPhone even if they’re able to directly read the Touch ID sensor.
The researchers reproduced the attack method on HTC One Max and Samsung Galaxy S5 as device makers don’t lock down the fingerprint sensor completely.
The researchers also revealed that rooting the Android devices left them more susceptible to the attack as fingerprint sensors on some devices is only protected by ‘system’ privilege.
The attacks are critical as the victim’s fingerprint can be used by attackers at other places including immigration, health records and criminal records.
Credit: Timesofindia.com
