Researchers from the security firm FireEye discovered a potential flaw in the popular Samsung Galaxy S5 smartphone that could allow hackers to clone your fingerprints and steal biometric data. Samsung has several steps in place to keep fingerprints secure, encrypting the ones stored on a phone. Unfortunately, it is still possible for hackers to hijack your prints before they even reach the encryption stage. A reliable source states that Samsung faced a similar incident last year involving a fake fingerprint hack.
According to Forbes, this form of attack is straightforward. An attacker could focus on collecting data coming from Android’s fingerprint sensors instead of breaking into the trusted zone. If a hacker can acquire user-level access and run a program as root, they can easily collect biometric data. In the case of the Samsung Galaxy S5, hackers do not need to go deep into the Android OS because malware only needs system-level access. FireEye employees Tao Wei and Yulong Zhang are presenting their findings at an RSA conference tomorrow.
Biometric devices aren’t foolproof
Biometric devices are becoming more common in homes and the workplace. Samsung is not the first to face security issues with biometric devices. In 2013, Apple had its TouchID fingerprint reader hacked. Biometric vulnerabilities can lead to identity theft and loss of sensitive information. Consumers using older versions of the Android operating system are most at risk. It is advised to update to the latest Android OS version 5.0 (Lollipop).
Researcher Yulong Zhang stated:
“If the attacker can break the kernel [the core of the Android operating system], although he cannot access the fingerprint data stored in the trusted zone, he can directly read the fingerprint sensor at any time. Every time you touch the fingerprint sensor, the attacker can steal your fingerprint.”
You can protect yourself from biometric vulnerabilities by keeping your Android operating system up-to-date and patched with the latest security updates. Ideally, it would be best to avoid fingerprint scanners altogether and find a more secure phone authentication method. Since mobile malware and fraud are becoming more common, it’s smart to install a mobile security program on your Android, such as Emsisoft Mobile Security.
Have a safe (hack-free) day!