Fingerprint Theft for Android Smartphone at Risk

As part of the Black Hat conference, it was found that the next frontier of hacking could be the theft of fingerprints from smartphones, tablets and notebooks. And it wouldn’t even be that hard to steal, especially from Android phones.

At the Black Hat conference in Las Vegas, two researchers from FireEye (a leading company in the field of computer security solutions) spoke in depth about the new frontier of hacking: fingerprint theft.

Said so it would seem the plot of a spy movie, but in reality there is nothing more current: Many smartphones, especially the iPhone but also many Android, have a fingerprint reader used daily. And if it is true that 90% of people use it to unlock the phone, its purposes go well beyond: fingerprints are used with increasing frequency for payments (think of Apple Pay in America, for example), but also for issues of immigration and Rilvezione of IDE Ntità, which makes their protection fundamental for every device that makes use of it. Stealing them would mean allowing the attacker to access the victim’s payment systems, his records, in practice his identity. Among other things, the fingerprints are not a password, they are not changed from today to tomorrow and-even for this-must be defended at all costs.

According to Tao Wei and Yulong Zhang, the two speakers of FireEye, iphone users can rest assured: the system used by Apple for iPhone 5s, iPhone 6 and iPhone 6 Plus is secure. Even if hackers get access to the fingerprint sensor, they still can’t get the encrypted image.

Different is the case of Android phones, whose producers have obviously underestimated the matter for a long time except then correct the flaws once detected vulnerabilities. Android smartphones with fingerprint reader are numerically lower than the iPhone, but the problem remains serious especially in the future: it is estimated that in 2019 at least half of smartphones will have this functionality and there is therefore need to Equip yourself with a certain advance.

In particular, the researchers have made 4 attacks against Android smartphones and one of these, called fingerprint sensor spying attack and tested on a HTC one Max and a Galaxy S5, would allow a hacker to subtract the fingerprint scans of all People who used the devices. The reason is simple, adds ZD Net, “Device makers don’t fully lock down the sensor”, i.e. the manufacturers have not completely protected the sensor allowing the attackers a fairly easy access, especially if the phone is rooted.

Do not panic, however: companies have been warned and have released patches to correct vulnerabilities, but the basic talk remains, also because-they add researchers-is not limited to smartphones: fingerprints are also used by PCs, especially by High-end notebooks, and could be used in an ever-increasing number of devices from here to five years. And nobody likes to be cloned.