There hasn’t been a whole lot of good news coming out of HTC’s camp lately, with their stock crashing the last few days. Now it appears that a few researchers from FireEye have found that HTC is storing fingerprints in a “world readable” folder, which means just about anyone can retrieve these fingerprints and use them. That’s a big no-no: fingerprints should be encrypted, as Apple has been doing with Touch ID.
“Any unprivileged processes or apps can steal user’s fingerprints by reading this file,” the FireEye team says. They also added that the images stored in this folder can be made into clear prints by simply adding some padding. The team also says that every time the fingerprint is used to unlock the device, the image map in that world-readable folder is refreshed, so it always shows the latest swiped finger.
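To make “world readable” concrete, here is an added example (not FireEye’s or HTC’s code) of how a defender could audit a directory tree for files that any unprivileged process can read, and how owner-only permissions close the exposure. The directory layout and file names are constructed for illustration; the actual path on the device is not given in this article.

```python
import os
import stat
import tempfile

def world_readable_files(root):
    """List regular files under root that any local process could read.

    A file counts only if it has the other-read bit AND every directory
    from root down to it has the other-execute (search) bit. Directories
    above root are not checked.
    """
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        if not os.stat(dirpath).st_mode & stat.S_IXOTH:
            dirnames[:] = []  # others cannot traverse: nothing below is reachable
            continue
        for name in filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISREG(mode) and mode & stat.S_IROTH:
                findings.append(os.path.relpath(path, root))
    return sorted(findings)

def harden(path):
    """Restrict a file to its owner (0600), removing group/other access."""
    os.chmod(path, 0o600)

def demo():
    """Build a constructed tree, audit it, harden the finding, audit again."""
    with tempfile.TemporaryDirectory() as root:
        os.chmod(root, 0o755)
        layout = [  # (directory, dir mode, file, file mode) - all hypothetical
            ("open", 0o755, "fp.bmp", 0o644),         # exposed: the flaw described
            ("open", 0o755, "template.bin", 0o600),   # owner-only file
            ("private", 0o700, "fp.bmp", 0o644),      # shielded by parent dir
        ]
        for d, dmode, f, fmode in layout:
            os.makedirs(os.path.join(root, d), exist_ok=True)
            path = os.path.join(root, d, f)
            with open(path, "wb") as fh:
                fh.write(b"constructed sample bytes")
            os.chmod(path, fmode)
            os.chmod(os.path.join(root, d), dmode)
        before = world_readable_files(root)
        for rel in before:
            harden(os.path.join(root, rel))
        return before, world_readable_files(root)

if __name__ == "__main__":
    print(demo())
```

Restrictive permissions only stop other local apps; encrypting the stored data, as the article recommends, is what protects it if the file is read some other way.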
Luckily, HTC has only sold one model of smartphone with a fingerprint reader in recent years, which was the HTC One M7 Max, from two years ago. But given how quickly fingerprint sensors are spreading to new smartphones coming to market, this is still not good news. Hopefully the other companies out there using fingerprint sensors learn from this and encrypt the fingerprints that are saved from the reader.
This year, we saw quite a few devices coming with fingerprint sensors, including the OnePlus Two, so this is going to be a bit scary for many people. But, and this is the important part, at least we have these researchers out there looking for flaws and vulnerabilities in devices like the HTC One M7 Max, so that they can be fixed and users can have a device that doesn’t have any security vulnerabilities. That is pretty important in this day and age, obviously. If you do have an older device, like the HTC One Max, be sure to upgrade to the latest ROM that’s available. It might also be a good idea to upgrade to a CyanogenMod-based ROM, as that will likely be much more up to date than what HTC has, since it’s not their current flagship.