Fingerprint ID’s have become an increasingly popular way to protect our mobile devices, and why shouldn’t they? Your fingerprints are uniquely yours, and unless you have an unfortunate accident involving your hand they stay the same for your entire life. That is why you will find that most mobile manufacturers like Motorola, Samsung, Huawei, Oppo and even Apple have gotten on board to include the technology as a method to secure their latest devices. However, a report was made at the Black Hat USA 2015 security conference in Las Vegas this week has revealed that your fingerprints may not be as secure as you would hope that they would be.
FireEye Labs security researchers, Yulong Zhang and Tao Wei have demonstrated various way to steal the fingerprint data from devices including some clever phishing and software-related vulnerabilities. This could potentially be a problem on a large scale. Unlike a password which can be changed, a fingerprint leak is forever. If that data fell into the wrong hands your fingerprints could be used for nefarious purposes for the rest of your life. As it turns out some device manufacturers haven’t fully taken steps to prevent this from happening.
Of the major avenues that were suggested by the researchers it appears Android devices are the most vulnerable to the attacks. The phones they tested, including the Galaxy S5 and the HTC One Max for example, were not properly locking down and encrypting the data allowing hackers to remotely access it. To make matters worse, some of the sensors were protected by “system” privileges instead of “root” privileges. The FireEye researchers declined to comment on which manufacturer does the best to secure their fingerprint sensors but did note that Apple’s devices were “pretty secure” because all data is encrypted.
After the report came to light all the affected smartphone manufacturers have released security patches to close the vulnerabilities. It is worth noting that even some laptops could be affected by these same exploits. Zhang and Wei have suggested that users always install apps from trusted and reputable sources like the Google Play store, keep your devices and software updated and do not root them.