Your fingerprints on your Android phone might not be as safe as you think. Recently, two security researchers at the annual Black Hat conference revealed that the fingerprint scanner on your Android devices is quite vulnerable. Researchers Tao Wei and Yulong Zhong of FireEye Inc., showed that Hackers can remotely lift fingerprints from Android devices. The duo talked about how design flaws in TrustZone, the ARM technology that comes embedded in modern day smartphones, will simply let a ‘sensor spying attack’ harvest a user fingerprints.
According to ZDNet, the duo confirmed that phones like the HTC One Max and the Samsung’s Galaxy S5, are vulnerable to spy attacks as the device makers haven’t locked down the sensor completely. Sensors on these devices are guarded on a system level rather than a root level, hence, rooted devices stand at a greater risk of being hacked. The researchers revealed that once a hack is placed on a certain phone, the hacker can continue to collect the fingerprint data of anyone who uses the sensor.
Currently, countries like US and some regions of Europe, allow payments via fingerprint authentication, these are also vulnerable to attack and hackers can easily bypass the security to simply buy stuff, or just transfer funds from the users account. Moreover fingerprints are also used for various important documents such as passports, immigration documents, criminal records, etc., making it a far more dangerous proposition if your fingerprint sensor gets compromised.
It was also mentioned that this vulnerability also affects some laptops that come with fingerprint sensors. The duo has alerted various vendors about this vulnerability and since then, some patches have rolled out for the same. However, if you are using an iPhone, you are quite safe as hackers won’t be able get the fingerprint image unless they have a crypto key for the fingerprint sensor data.