Monday, August 10, 2015

WARNING! Android fingerprint warning as hackers reveal sensor data can be stolen remotely and used for fraud

The threat is for now confined mostly to Android devices that have fingerprint sensors, such as Samsung, Huawei, and HTC devices, which by volume remains low compared to iPhone shipments.

Of the four attacks outlined by the researchers, one in particular -- dubbed the 'fingerprint sensor spying attack' -- can 'remotely harvest fingerprints in a large scale,' Zhang told ZDNet by email.

'Unlike passwords, fingerprints last a lifetime and are usually associated with critical identities,' the researchers wrote.

'Thus, the leakage of fingerprints is......

'It will be even a disaster if the attackers can remotely harvest fingerprints in a large scale.'

The pair promise their talk will 'We will show live demos, such as hijacking mobile payment protected by fingerprints, and collecting fingerprints from popular mobile devices.

'We will also provide suggestions for vendors and users to better secure the fingerprints.'

 Affected vendors have since provided patches after being alerted by the researchers.

The researchers did not comment on which vendor is more secure than others. But, Zhang noted that Apple's iPhone, which pioneered the modern fingerprint sensor, is 'quite secure,' as it encrypts fingerprint data from the scanner.

'Even if the attacker can directly read the sensor, without obtaining the crypto key, [the attacker] still cannot get the fingerprint image,' he said.

The problem isn't just limited to mobile devices. The researchers warned that many of the attacks they note in their talk also apply to high-end laptops with fingerprint sensors.

Share your thoughts....thanks!

No comments:

Post a Comment