Of the four attacks outlined by the researchers, one in particular -- dubbed the 'fingerprint sensor spying attack' -- can 'remotely harvest fingerprints in a large scale,' Zhang told ZDNet by email.
'Unlike passwords, fingerprints last a lifetime and are usually associated with critical identities,' the researchers wrote.
'Thus, the leakage of fingerprints is irredeemable.
'It will be even a disaster if the attackers can remotely harvest fingerprints in a large scale.'
The pair promise live demos in their talk: 'We will show live demos, such as hijacking mobile payment protected by fingerprints, and collecting fingerprints from popular mobile devices.
'We will also provide suggestions for vendors and users to better secure the fingerprints.'
Affected vendors have since provided patches after being alerted by the researchers.
The researchers did not comment on which vendor is more secure than others. But Zhang noted that Apple's iPhone, which pioneered the modern fingerprint sensor, is 'quite secure,' as it encrypts fingerprint data from the scanner.
'Even if the attacker can directly read the sensor, without obtaining the crypto key, [the attacker] still cannot get the fingerprint image,' he said.
The problem isn't just limited to mobile devices. The researchers warned that many of the attacks they note in their talk also apply to high-end laptops with fingerprint sensors.