TechSpot

Fingerprint scanners on Android phones are far less secure than on iPhones

By AdrianD
Aug 6, 2015
Post New Reply
  1. [parsehtml]<p><img src="http://www.techspot.com/images2/news/bigimage/2015/08/2015-08-06-image-10.jpg" /></p> <p>The <a href="http://www.techspot.com/news/56406-galaxy-s5-fingerprint-scanner-can-easily-be-fooled-hacked.html">Samsung Galaxy S5&#39;s fingerprint reader security vulnerabilities</a> were well documented over a year ago. But if you were hoping the world&rsquo;s most popular Android device manufacturer had mended its exposure to easy hacks since then, <a href="https://www.blackhat.com/us-15/briefings.html#fingerprints-on-mobile-devices-abusing-and-leaking">recent Black Hat revelations</a> will come as a disappointing surprise.</p> <p>During the esteemed and anxiety-inducing security convention, FireEye researchers Tao Wei and Yulong Zhang presented a <a href="http://www.zdnet.com/article/hackers-can-remotely-steal-fingerprints-from-android-phones/">summary of known issues</a> pertaining to mobile devices capable of recognizing fingerprints.</p> <p>The Galaxy S5 and HTC One Max in particular fared poorly; both were vulnerable to a &quot;fingerprint sensor spying attack&quot; that could remotely lift prints from the phones because neither manufacturer fully lock down the sensor.</p> <p>As the report points out, &ldquo;the leakage of fingerprints is irredeemable&rdquo;, so once hacked the target might lose control of passwords, personal data and, most vexing of all, mobile payment access for good. A seasoned cyber-criminal can also carefully cover their tracks so as to loot fingerprints from several smartphone users over a period of time.</p> <p>Samsung, HTC and Huawei are now aware of the flaw and have already begun updating their software. Meanwhile, Apple&#39;s Touch ID sensor was deemed &quot;far more secure&quot; as it encrypts fingerprint data from the scanner.</p> <p>&quot;Even if the attacker can directly read the sensor, without obtaining the crypto key, [the attacker] still cannot get the fingerprint image,&quot; Zhang noted.</p> <p>Hopefully, Google will take a page from Apple&rsquo;s playbook when wrapping up <a href="http://www.techspot.com/news/60817-android-m-officially-unveiled-google-io.html">Android M</a>, the platform&rsquo;s first build endowed with native fingerprint capabilities.</p><p><a rel='alternate' href='http://www.techspot.com/news/61657-fingerprint-scanners-android-phones-far-less-secure-than.html' target='_blank'>Permalink to story.</a></p><p class='permalink'><a rel='alternate' href='http://www.techspot.com/news/61657-fingerprint-scanners-android-phones-far-less-secure-than.html'>http://www.techspot.com/news/61657-fingerprint-scanners-android-phones-far-less-secure-than.html</a></p>[/parsehtml]
     
  2. Burty117

    Burty117 TechSpot Chancellor Posts: 2,920   +687

    How about a newer Android phone like the OnePlus 2? Surely newer stuff can't be as insecure?
     
  3. stewi0001

    stewi0001 TS Evangelist Posts: 1,185   +530

    It sounds more like a software issue than hardware. Thus, if they don't fix the code, it doesn't matter how new your phone is.
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...