Android Fingerprint Sensors Easier to Hack Than Apple’s Touch ID – research

Researchers from Security firm FireEye have found major security vulnerabilities in the Android smartphones that come with fingerprint scanners.

FireEye researchers have devised four different attacks that could extract user fingerprints from Android smartphones, and claim the technology is more vulnerable than Touch ID implemented by Apple.

They have revealed major vulnerabilities in fingerprint scanner-powered Android smartphones. One such attack is “fingerprint sensor spying” which can “remotely harvest fingerprints in a large scale,” the researchers said.

Smartphones like the HTC One Max and Samsung’s Galaxy S5 that sport a fingerprint scanner don’t fully lock down the sensor, the researchers note.

The researchers noted that smartphones like the HTC One Max and Samsung’s Galaxy S5 that sport a fingerprint scanner don’t fully lock down the sensor and it is protected by only “system” level privilege instead of “root”, making it easier for an attacker to find a workaround.

The good news is that the affected vendors were notified, and have since provided patches for the issue.

Zhang revealed that the iPhone Touch ID sensor is “quite secure” since it encrypts the fingerprint data it gleans from the sensor. He added that even if the attacker can directly read the sensor, without obtaining the crypto key, [the attacker] still cannot get the fingerprint image.”

Google introduced official support for fingerprint scanners with Android M, which releases later this year.

Last year, a German firm named H Security had found a way to fool the Galaxy S5’s sensors to get access to it using a “dummy” finger.

[Via]