Friday, 7 August 2015

Android fingerprint warning as hackers reveal sensor data can be stolen remotely and used for fraud

The research, unveiled at the Black Hat conference in Las Vegas on Wednesday by FireEye researchers Tao Wei and Yulong Zhang, outlined new ways to attack Android devices to extract user fingerprints.

The threat is for now confined mostly to Android devices that have fingerprint sensors, such as Samsung, Huawei, and HTC devices, whose volume remains low compared to iPhone shipments.

However, analysts believe that by 2019 at least half of all smartphone shipments will have a fingerprint sensor.

 

Of the four attacks outlined by the researchers, one in particular — dubbed the ‘fingerprint sensor spying attack’ — can ‘remotely harvest fingerprints in a large scale,’ Zhang told ZDNet by email.

‘Unlike passwords, fingerprints last a lifetime and are usually associated with critical identities,’ the researchers wrote.

‘Thus, the leakage of fingerprints is irredeemable.

‘It will be even a disaster if the attackers can remotely harvest fingerprints in a large scale.’

The pair promised of their talk: ‘We will show live demos, such as hijacking mobile payment protected by fingerprints, and collecting fingerprints from popular mobile devices.

‘We will also provide suggestions for vendors and users to better secure the fingerprints.’

Affected vendors have since provided patches after being alerted by the researchers.

The researchers did not comment on which vendor is more secure than others. But Zhang noted that Apple’s iPhone, which pioneered the modern fingerprint sensor, is ‘quite secure,’ as it encrypts fingerprint data from the scanner.

‘Even if the attacker can directly read the sensor, without obtaining the crypto key, [the attacker] still cannot get the fingerprint image,’ he said.

The problem isn’t just limited to mobile devices. The researchers warned that many of the attacks they note in their talk also apply to high-end laptops with fingerprint sensors.

View the original content and more from this author here: http://ift.tt/1eWZBcS


