Researchers have issued a warning for Android users about fingerprint security system. The fingerprints used to unlock phone contain data which can be stolen by hackers. Four different attacks have been demonstrated by hackers at a Las Vegas conference displaying the possibility of stealing data and using it for fraud.
Samsung, HTC and Huawei are the phone makers which use the Android operating system for phones that might be targeted by the attack. However, the companies have already fixed the flaw after the researchers informed them of the possible threat.
If not informed, the phone manufacturers would be facing bigger problems. According to the researchers, many Android powered smartphones with fingerprint scanners failed to totally lock down the sensor. If attacked, the leaked information would be irredeemable.
According to Yulong Zhang, one of the researchers at FireEye, the method for the spying attack using fingerprints can remotely gather fingerprints on a large scale. However, the hackers can't still get the fingerprint image without the crypto key.
One of the reason why the threat is present is because of the lack of full security of the print readers on Android devices. The device is only guarded by the system and not by the root user itself which makes the invaders to easily break into the device.
The affected phone makers which include three of the top companies in the industry - Samsung, HTC and Huawei already released patches. Despite the taken precautionary measure, researchers continue to warn Android users to keep the software in their devices regularly updated. They also remind users to avoid installing unreliable apps.
In a Black Hat conference held in the United States, Europe and Asia annually, security researchers join a forum where they share their latest information about security risks and development.