Security Flaw Allows Hackers To Clone Fingerprints From Samsung Galaxy S5 Sensor

Security Flaw Allows Hackers To Clone Fingerprints From Samsung Galaxy S5 Sensor

Researchers at security firm FireEye have identified a security flaw in Samsung Galaxy S5 that allows hackers to collect user's fingerprint information. 

According to FireEye researchers Tao Wei and Yulong Zhang, an attacker with a user-level access and can run a program as root, the lowest level of access on computers and smartphones, can easily collect fingerprint information from the affected Android phones -- no need to break into the trusted zone.

Zhang said, "If the attacker can break the kernel [the core of the Android operating system], although he cannot access the fingerprint data stored in the trusted zone, he can directly read the fingerprint sensor at any time. Every time you touch the fingerprint sensor, the attacker can steal your fingerprint. You can get the data and from the data you can generate the image of your fingerprint. After that you can do whatever you want."

The researchers reported the flaw to Samsung

A Samsung spokesperson said, "Samsung takes consumer privacy and data security very seriously. We are currently investigating FireEye's claims".

Researchers says that the flaw does not work on Android 5.0 (Lollipop). So the users can protect themselves by upgrading their android OS to Lollipop.

Tao Wei and Yulong Zhang will discuss and demonstrate the flaw at the RSA conference in San Francisco tomorrow.

We will continue to update this story as soon as any information comes to light.

No comments

Powered by Blogger.