Flaw In Android Device Sensor Leaves Users’ Fingerprints Vulnerable To Theft

Using your fingerprint to open your phone may be convenient but it could also pose a security risk. That’s according to security researchers who discovered a way to breach Android devices to steal the unique prints.

ZDNet reports that FireEye researchers identified what they referred to as the “fingerprint sensor spying attack” that allows hackers to acquire large batches of consumers’ fingerprints from Android-based phones, including those made by Samsung, HTC, and Huawei.

The researchers, Tao Wei and Yulong Zhang, say that because manufacturers don’t lock down the devices’ sensors, hackers are able to obtain images of users’ fingerprints.

“In this attack, victims’ fingerprint data directly fall into attacker’s hand. For the rest of the victim’s life, the attacker can keep using the fingerprint data to do other malicious things,” Zhang said.

While the experiment was based mainly on mobile phones, the researchers warn that the same issues could be found in other devices such as laptops that use sensors.

Zhang tells ZDNet that he couldn’t specify which devices were more vulnerable to the hack, but did note that the iPhone was “quite secure” because it encrypts fingerprint data.

Researchers say they notified device makers of the issues and they have since provided patches to address the vulnerability.

Still, Zhang and Wei recommend that users of smartphones with fingerprint sensors always keep their software updated to the latest version and install only popular apps from the Google Play store.

This is the second time this summer that Android phones have been found to be vulnerable to hacks.

Last month, security researchers discovered a flaw in nearly 950 million devices that let hackers send out a piece of code via text message to take over phones remotely.

Hackers can remotely steal fingerprints from Android phones [ZDNet]