Thought Smartphone Fingerprint Scanners Were Safe? Think again

Omar Sohail
Posted Aug 6, 2015
16Shares
Share Tweet Submit

With smartphones already becoming an omnipresent element in our world, smartphone OEMs are already attempting to incorporate these mobile devices with security contingencies that will keep hackers at bay. One of them happens to be fingerprint scanners. However, before you jump to the conclusion that your mobile device may be safe because it has a fingerprint scanner, hackers are dexterous enough to find a way past that barrier as well.

Latest Research Describes Hackers Being Able To Steal Data From Android Devices And Extract User’s Fingerprints

The research was announced at the Black Hat conference that was held in Las Vegas on Wednesday. The two individuals that debriefed their findings were FireEye researchers, Tao Wei and Yulong Zhang. Both of them presented the following research:

“Unlike passwords, fingerprints last a lifetime and are usually associated with critical identities. Thus, the leakage of fingerprints is irredeemable. It will be even a disaster if the attackers can remotely harvest fingerprints in a large scale.

In this talk, we will reveal some severe issues with the current Android fingerprint frameworks that have long been neglected by vendors and users. We will provide in-depth security analysis of the popular mobile fingerprint authentication/authorization frameworks, and discuss the security problems of existing designs, including:

1: The confused authorization attack that enables malware to bypass pay authorizations protected by fingerprints.

2: TrustZone design flaws and fingerprint sensor spying attack to harvest fingerprints.

3: Pre-embedded fingerprint backdoors, etc. We will show live demos, such as hijacking mobile payment protected by fingerprints, and collecting fingerprints from popular mobile devices. We will also provide suggestions for vendors and users to better secure the fingerprints.”

At this current point, iPhones are under the least amount of threat, since the amount of units sporting the Apple logo are far less in number as compared to those who own handsets powered by Google’s Android platform. However, there is cause for more worry because by the year 2019, it can safely be said that at least half of all smartphone shipments will be sporting a fingerprint sensor, which will put more people at risk. So how exactly are you supposed to protect your smartphone from having its sensitive content compromised?

Security and privacy applications provide the best possible deterrent to hackers, something that fingerprint scanners are unable to do. However, that shield will be eroded if Android users have successfully rooted their devices. What is even more alarming is that when the attack is in place, it will stealthily begin to collect fingerprint data on anyone who uses the sensor. Since a fingerprint pattern can obviously not be changed until you give away the handset to someone else, that particular user will be under threat for the remainder of his/her life, at least till their change their smartphone.

iPhone Owners Have Another Thing To Rejoice About Concerning Fingerprint Scanners

Users authorize mobile payments through fingerprint scanners, which will allow hackers to celebrate Christmas during every month by gaining access to their payment card details. At this current point, Zhang stated that iPhone’s fingerprint scanner is quite secure compared to Android smartphones, due to its high level of encryption.

Unfortunately, the problem does not end at smartphones and tablets, but branches out to high-end laptops that feature fingerprint scanners as well. At this stage, the only resourceful thing to do in safeguarding your valuable information is to install security and privacy applications that have a positive user rating.

 

Share Tweet Submit