Hackers can steal any number of fingerprints remotely without user’s knowledge from Android smartphones
Two FireEye researchers have discovered a new way to steal Android smartphone user’s fingerprints remotely without their knowledge or consent. FireEye researchers Tao Wei and Yulong Zhang have outlined four new ways to attack on Android devices to extract user’s fingerprints. The researchers will demonstrate the exploit at the Black Hat conference in Las Vegas on Wednesday
The researchers stated that as of now only those smartphones which have fingerprint scanners are vulnerable. So as of now only premium category and flagship smartphones from likes of Samsung, Huawei, and HTC are vulnerable. The real fear is when the fingerprint scanner technology moves from premium segment to mid range and low budget smartphone segment which is assumed to happen in late 2018.
Of the four attacks outlined by the researchers, one in particular — dubbed the “fingerprint sensor spying attack” — can “remotely harvest fingerprints in a large scale,” Zhang told ZDNet by email.
The researchers confirmed that the exploit worked on HTC One Max and Samsung’s Galaxy S5, allows the hacker to stealthily acquire a fingerprint image from an affected device because device makers don’t fully lock down the sensor.
ZDNet added that the sensor on some devices is only guarded by the “system” privilege instead of root, making it easier to target. Which meant that rooted Android smartphones were at greater risk.
Scaringly once the hacker has gained entry via the attack, the fingerprint sensor can continue to quietly collect fingerprint data on anyone who uses the sensor and remotely send it back to the hacker, giving him unlimited harvest of fingerprints.
“In this attack, victims’ fingerprint data directly fall into attacker’s hand. For the rest of the victim’s life, the attacker can keep using the fingerprint data to do other malicious things,” Zhang said.
Zhang and his partner have alerted the smartphone makers and the manufacturers have since patched their smartphones against this vulnerability. However the researchers have neither named the makers nor whether the patch has reached the end user. They also have not commented on which vendor is most vulnerable from the vulnerability.
Regarding applying the same vulnerability to Apple’s iPhone, Zhang said it is quite secure. The iPhone which essentially pioneered the fingerprint scanner to unlock a smartphone, encrypts fingerprint data from the scanner.
“Even if the attacker can directly read the sensor, without obtaining the crypto key, [the attacker] still cannot get the fingerprint image,” he said.
With biometrics exploding and being adapted for almost everything from gate access, passports, banking etc., the problem isn’t just limited to mobile devices.