Android Fingerprint Readers Are Also A Security Risk

fingerprint, biometrics

It’s not just TouchID that’s at risk from hackers looking for personal data, Black Hat researchers find

Android smartphone users have been warned that their fingerprint data may not be as secure as they thought it was.

FireEye security researchers Tao Wei and Yulong Zhang have exposed some pretty significant flaws in the biometric systems used in the likes of the HTC One Max and the Samsung Galaxy S5.

This follows a number of reported issues with Apple’s TouchID fingerprint system, which has been the subject of several high-profile security attacks.

Backdoor

fingerprint imageSpeaking at the Black Hat security conference in Las Vegas, the two researchers outlined a couple of different attacks that could affect the readers. This included malware that was able to bypass fingerprint-authenticated payment systems and various backdoor attacks, but by far the biggest offender was a “fingerprint sensor spying attack” that could remotely lift prints from affected phones.

This means that hackers could use stolen prints to access personal accounts, as the affected device fails to fully lock down its fingerprint sensor.

Worryingly, the researchers also revealed that the sensor on some devices is often lacking proper protection against hackers, being protected only by the “system” privilege instead of root protection, making it easier to target.

Once the attack is in place, the fingerprint sensor can continue to quietly collect fingerprint data on anyone who uses the sensor.

“Unlike passwords, fingerprints last a lifetime and are usually associated with critical identities,” the pair said. “Thus, the leakage of fingerprints is irredeemable. It will be even a disaster if the attackers can remotely harvest fingerprints in a large scale.”

The team say they have informed the manufacturers mentioned in the report, who have already issued patches for the issue.

Recent findings found that British consumers are increasingly likely to support and use biometrics in their technology.

A study conducted by Visa Europe found that three-quarters of 16-24 year olds in the UK would feel comfortable using information such as fingerprint scans, facial recognition or retina scanning in place of traditional passcodes.

Overall, three-quarters (76 percent) of this age group said that they would feel comfortable making a payment using biometric security, with over two thirds (69 percent) believe this will make their lives faster and easier.

Are you a mobile payments aficionado? Take our quiz here!