Android devices equipped with a fingerprint sensor are vulnerable to hacker attacks. Attackers can not only bypass the biometric authentication but even steal the fingerprint data itself, security researchers told a hacker conference.
Tao Wei and Yulong Zhong from the cybersecurity firm FireEye Inc. reported their findings on Wednesday at the Black Hat conference in Las Vegas.
The researchers devised four vectors that hackers could use to target fingerprint sensors. One of them allows attackers to "remotely harvest fingerprints on a large scale," without the user ever noticing it. Considering that, unlike passwords, fingerprints can’t be easily altered and are used for identification in many venues, a compromised phone may leave its user facing a lifetime of their data being misused.
The speakers said the HTC One Max and Samsung Galaxy S5 were confirmed to be vulnerable to such attacks. They added that affected vendors were alerted and have since provided patches.
Zhong noted that Apple devices used different methods for storing fingerprint data and were quite secure against theft attempts.
Flaws in Android devices are frequently exposed. Just last week, Zimperium uncovered one that allows devices to be hacked by simply texting them. The victims don’t even need to be tricked into downloading or opening a bad file – attackers only need to send them a text message for the malware to take hold.
Android is by far the most dominant smartphone operating system in the world, with about 80 percent of smartphones worldwide running it.