Posted by Unknown
17:23
0

Hackers can take copies of fingerprints used to unlock the Samsung Galaxy S5 phone, claim security researchers.
A flaw in Android makes it possible to steal the personal information so it can be used elsewhere, said the experts from security firm FireEye.
Other Android-based phones that also use fingerprint ID systems could also be vulnerable, they said.
Samsung said it took security "very seriously" and was investigating the researchers' findings.
Stolen prints
Fingerprint ID systems are being used more and more in smartphones to unlock the devices or as a way to check who is authorising a transaction. Paypal and Apple already accept fingerprints as an ID check and a growing roster of firms that are members of the Fido Alliance are keen to use them in the same way to remove the need for passwords.
Android phones typically store sensitive data such as fingerprint information in a walled-off area of memory known as the Trusted Zone.
However, Yulong Zhang and Tao Wei found it was possible to grab identification data before it is locked away in the secure area. This method of stealing data was available on all phones running version 5.0 or older versions of Android provided the attacker got high level access to a phone.
They also found that on Samsung Galaxy S5 phones, attackers did not need this deep access to a phone. Instead, they said, just getting access to the gadget's memory could reveal finger scan data.
Using this information an attacker could make a fake lock screen that makes victims believe they are swiping to unlock a phone when they are actually authorising a payment.
In addition, they found, it was possible for attackers to upload their own fingerprints as devices did not keep good records of how many prints were being used on each device.
Mr Zhang and Mr Wei are due to present their findings at the RSA security conference in San Francisco on 24 April.
In an interview with Forbes magazine, Mr Zhang said the flaws they uncovered were likely to be widespread throughout handsets running Android 5.0 and below. Updating to the latest version of Android, version 5.1.1, should remove the vulnerabilities, he said.
The flaw is the latest in a series of problems uncovered with fingerprint ID systems on phones.
In April last year, hackers discovered a way to fool the print sensor on the S5 by taking a photograph of a print left on a smartphone screen, making a mould from the image and using that to make a replica fake finger.
In 2013, a German hacker group used a similar method to bypass the fingerprint reader on Apple's iPhone 5. Hackers from the Chaos Computer Club used a picture of a person's fingerprint left on a glass surface to make a fake finger that unlocked the phone.

Tagged with:
Technology
Unknown
This is a short description in the author block about the author. You edit it by entering text in the "Biographical Info" field in the user admin panel.
Subscribe to:
Post Comments (Atom)
Popular Posts
-
How to Take a Screenshot Video of Your iPhone?Screenshots of your iOS device can come in handy, and not just for those of us that write about such devices. They are useful for demonstr...
-
10 useful Android tips and tricks that may improve your experience while using your Android device.In this post, we are featuring 10 useful Android tips and tricks that may improve your experience while using your Android device. Do note...
-
Pepsi to drop artificial sweetener aspartameA controversial artificial sweetener is being removed from Diet Pepsi in the US amid consumer concerns about its safety. Aspartame-fre...
-
How to bring back the Start menu and button to Windows 8?With Windows 10 seemingly just around the corner, Microsoft plans to fix one of its most egregious mistakes with Windows 8: the missing St...
-
How To Wear: The Breton Stripe?Is there anything more ubiquitous than the striped shirt when summer hits? Whether you lean towards a straight nautical interpretation ...
-
Samsung Galaxy S6 Release Date, News and Cool FeaturesThe Samsung Galaxy S4 and S5 both knockout stores in April, of 2013 and 2014 correspondingly, thus it’s likely you’ll be able to purchase ...
-
Small Display Bedevils Some Apple Watch AppsThe 3,500 apps available for the Apple Watch show the device’s promise and pitfalls. Nobody needs an Apple Watch, or any kind of smart wa...
-
How To Update Android Applications?Android app updates are very important and all your app should be updated to keep up with all the changes, including the security-related ...
-
Why is it called Windows 10 and not Windows 9?Now that Windows 10 development is in full swing, with the new Spartan browser and new Technical Preview builds appearing on a regul...
-
YU’S NEXT SMARTPHONE IS COMING MAY 12 WITH CYANOGEN OS 12If it wasn’t clear by now, Micromax really wants to beat Xiaomi at its own game. The phone maker launched the sub-brand Yu last year...
No comments: