1. TechSpot is dedicated to computer enthusiasts and power users. Ask a question and give support. Join the community here.
    TechSpot is dedicated to computer enthusiasts and power users.
    Ask a question and give support.
    Join the community here, it only takes a minute.
    Dismiss Notice

Fingerprint scanners on Android phones are far less secure than on iPhones

By AdrianD
Aug 6, 2015
Post New Reply
  1. The Samsung Galaxy S5's fingerprint reader security vulnerabilities were well documented over a year ago. But if you were hoping the world’s most popular Android device manufacturer had mended its exposure to easy hacks since then, recent Black Hat revelations will come as a disappointing surprise.

    During the esteemed and anxiety-inducing security convention, FireEye researchers Tao Wei and Yulong Zhang presented a summary of known issues pertaining to mobile devices capable of recognizing fingerprints.

    The Galaxy S5 and HTC One Max in particular fared poorly; both were vulnerable to a "fingerprint sensor spying attack" that could remotely lift prints from the phones because neither manufacturer fully lock down the sensor.

    As the report points out, “the leakage of fingerprints is irredeemable”, so once hacked the target might lose control of passwords, personal data and, most vexing of all, mobile payment access for good. A seasoned cyber-criminal can also carefully cover their tracks so as to loot fingerprints from several smartphone users over a period of time.

    Samsung, HTC and Huawei are now aware of the flaw and have already begun updating their software. Meanwhile, Apple's Touch ID sensor was deemed "far more secure" as it encrypts fingerprint data from the scanner.

    "Even if the attacker can directly read the sensor, without obtaining the crypto key, [the attacker] still cannot get the fingerprint image," Zhang noted.

    Hopefully, Google will take a page from Apple’s playbook when wrapping up Android M, the platform’s first build endowed with native fingerprint capabilities.

    Permalink to story.

  2. Burty117

    Burty117 TechSpot Chancellor Posts: 3,493   +1,295

    How about a newer Android phone like the OnePlus 2? Surely newer stuff can't be as insecure?
  3. stewi0001

    stewi0001 TS Evangelist Posts: 2,196   +1,623

    It sounds more like a software issue than hardware. Thus, if they don't fix the code, it doesn't matter how new your phone is.

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...