Fingerprint Sensors May Not Be As Secure As You Think

August 5, 2015 - Written By Diego Macias

There’s a reason why mobile devices keep getting more security measures: we store all sorts of personal files and information on them, from pictures taken at a particular party to passwords for several accounts, and with more and more files kept in the cloud, this could become a very serious issue. With mobile payments taking off, even our bank accounts are in our phones, so security is a very serious concern. If the phone gets lost, users who protected it with a password have a better chance of keeping their files secure. Recently, biometrics such as fingerprint scanners have added an extra layer of security while making it easier to log into your phone.

As we know, the Android operating system is not immune to attacks that could allow other people to view or manage our information. Malicious software could come disguised as an app, a link, an advertisement or, as we recently learned, an MMS message. Now, a recent report suggests that hackers could access yet another very sensitive piece of information: the fingerprints recorded by the sensors. The research comes from the network security company FireEye, and it states that the “fingerprint sensor spying attack” test resulted in the collection of images of users’ fingerprints, which attackers could keep for as long as they want. Even worse, hackers could collect them without anyone noticing because the sensor is not fully locked down, and the issue affects not only mobile devices but also laptops and other devices.

The fingerprint sensor in some systems has only “system” privileges instead of root, so if a user decides to root their device, it’s even less protected. Companies like HTC, Samsung and Huawei have integrated fingerprint sensors in their smartphones, and more companies like Sony could integrate them in future devices. While the research shows that some patches have been integrated into some phones, what manufacturers should be doing is encrypting fingerprint data like Apple does with the iPhone. With this encryption, anyone who steals the data still needs a special key to get the fingerprint image. Now that the research has uncovered the vulnerability, companies can start working on solutions, because it is believed that at least half of smartphones will sport a fingerprint reader by the year 2019.