Fingerprint scanners on Android phones are far less secure than on iPhones

By AdrianD
Aug 6, 2015
Post New Reply
  1. [parsehtml]<p><img src="" /></p> <p>The <a href="">Samsung Galaxy S5&#39;s fingerprint reader security vulnerabilities</a> were well documented over a year ago. But if you were hoping the world&rsquo;s most popular Android device manufacturer had mended its exposure to easy hacks since then, <a href="">recent Black Hat revelations</a> will come as a disappointing surprise.</p> <p>During the esteemed and anxiety-inducing security convention, FireEye researchers Tao Wei and Yulong Zhang presented a <a href="">summary of known issues</a> pertaining to mobile devices capable of recognizing fingerprints.</p> <p>The Galaxy S5 and HTC One Max in particular fared poorly; both were vulnerable to a &quot;fingerprint sensor spying attack&quot; that could remotely lift prints from the phones because neither manufacturer fully lock down the sensor.</p> <p>As the report points out, &ldquo;the leakage of fingerprints is irredeemable&rdquo;, so once hacked the target might lose control of passwords, personal data and, most vexing of all, mobile payment access for good. A seasoned cyber-criminal can also carefully cover their tracks so as to loot fingerprints from several smartphone users over a period of time.</p> <p>Samsung, HTC and Huawei are now aware of the flaw and have already begun updating their software. Meanwhile, Apple&#39;s Touch ID sensor was deemed &quot;far more secure&quot; as it encrypts fingerprint data from the scanner.</p> <p>&quot;Even if the attacker can directly read the sensor, without obtaining the crypto key, [the attacker] still cannot get the fingerprint image,&quot; Zhang noted.</p> <p>Hopefully, Google will take a page from Apple&rsquo;s playbook when wrapping up <a href="">Android M</a>, the platform&rsquo;s first build endowed with native fingerprint capabilities.</p><p><a rel='alternate' href='' target='_blank'>Permalink to story.</a></p><p class='permalink'><a rel='alternate' href=''></a></p>[/parsehtml]
  2. Burty117

    Burty117 TechSpot Chancellor Posts: 2,889   +645

    How about a newer Android phone like the OnePlus 2? Surely newer stuff can't be as insecure?
  3. stewi0001

    stewi0001 TS Evangelist Posts: 1,142   +482

    It sounds more like a software issue than hardware. Thus, if they don't fix the code, it doesn't matter how new your phone is.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...