Samsung Galaxy S5 Fingerprint Scanner Flaw Allows Hackers to Copy Your Fingerprints

[dgstorm]

You knew at some point it was going to happen... the fingerprint scanner on a smartphone has been hacked allowing hackers to copy your fingerprints. The new security flaw just showed up in the Samsung Galaxy S5 and was found by the security firm FireEye.

What makes this hack even scarier is that it can be performed simply by installing their malware on your device. It then then collects data coming directly from the device’s fingerprint scanner. This allows the bad guys to basically bypass the “trusted zone” where the device keeps your fingerprint data stored. Here's a quote with a few more of the details,

However, Yulong Zhang and Tao Wei found it was possible to grab identification data before it is locked away in the secure area. This method of stealing data was available on all phones running version 5.0 or older versions of Android provided the attacker got high level access to a phone.

They also found that on Samsung Galaxy S5 phones, attackers did not need this deep access to a phone. Instead, they said, just getting access to the gadget's memory could reveal finger scan data.

Using this information an attacker could make a fake lock screen that makes victims believe they are swiping to unlock a phone when they are actually authorizing a payment.

In addition, they found, it was possible for attackers to upload their own fingerprints as devices did not keep good records of how many prints were being used on each device.

Samsung is already investigating the issue and is planning on patching the security hole as soon as possible. In the mean-time, Galaxy S5 users should be extra-extra cautious to make sure no one steals your smartphone.

Here's our dedicated Samsung Galaxy S5 section for further discussion: Samsung Galaxy S5 Discussions Android Forum at DroidForums.net

Source: BBC

 

[Ollie]

It will be interesting to see how Samsung handles this. I could see a patch happening very quickly for the unbranded international versions. Any branded version, be it international or U.S., will be a nightmare to roll out.

Are there any other Android OEMs that have fingerprint scanners?

 

[cr6]

I remember when the S3 came out they touted the facial recognition lock screen as the next big thing in securing your device. Sure it worked, but it was slow and finicky. The fingerprint scanner is the next step, which it looks like Samsung finally perfected. I thought I read about iris scanning last summer, but haven't heard much about it since. Will manufacturers stick with the fingerprint, or move onto iris scanning or other biometrics to secure our devices?
Maybe a tiny needle that pops out the back and draws a drop of blood?
(Ok that last part was a stretch!)

S5 tap'n