Fingerprint scanners could set you up for a trap

If you are excited about fingerprint scanners in Android phones and plan to use them for unlocking your phone and accessing secure systems like Samsung accounts and PayPal, researchers from security firm FireEye suggest you should treat them with a dose of caution.

Their research has revealed startling facts about the security features in fingerprint scanners in Android phones. For instance, it is now quite easy for hackers to obtain your biometric data via your Android phone by simply acquiring user-level access and running a root programme. In the case of the Samsung Galaxy S5, user-level access alone will be enough for someone to steal your prints.

Yulong Zhang, one of the researchers, said, “If the attacker can break the kernel [the core of the Android operating system], although he cannot access the fingerprint data stored in the trusted zone, he can directly read the fingerprint sensor at any time. Every time you touch the fingerprint sensor, the attacker can steal your fingerprint. You can get the data and from the data you can generate the image of your fingerprint. After that you can do whatever you want.”

Pretty scary, I say.

However, the researchers concluded that the latest Android Lollipop OS seems to have corrected the issue. So it would be wise to upgrade as soon as possible if you are still stuck in the world of KitKat or Jellybean.

Fingerprint sensors are increasingly gaining popularity and acceptance over traditional modes of authentication, and consequently a large number of popular devices make use of them. These include the HTC One Max, the Motorola Atrix, the Samsung Galaxy Note 4 and Edge, the Galaxy S6, and the Huawei Ascend Mate 7.

Confirming that the issue could be larger than we thought, the researchers said that only a limited number of devices have been tested, and the issue could get more severe as more and more devices come under their lens. These include Apple's famous TouchID fingerprint scanner as well.

If I were you, I'd prefer numerical passwords until these guys are done with their research.
