A recently discovered security flaw in Android 5.0 makes the Samsung Galaxy S5 highly vulnerable to cyber attacks and identity thieves.
FireEye software research engineers Yulong Zhang and Tao Wei have exposed a vulnerability affecting certain Android phones, such as the Galaxy S5, that could allow black hat hackers to steal your fingerprint data. Samsung has commented that, in reality, if the device is not rooted and apps are downloaded only from the Google Play Store, there is no chance of the kernel being affected by malware. However, we know that making fully undetectable malware is possible, so a dedicated hacker could well succeed in bypassing Play Store security.
The researchers showed that phones with fingerprint locks are built in such a way that hackers don't need deep access to the targeted phone: the device's memory alone can expose the biometric scan data. It also allows hackers to upload their own fingerprint, because smart devices with biometric locks never keep records of the number of prints.
- Authentication
- System screen unlock
- Login to FIDO Alliance services
- App store pay
- Apple Pay
- Transaction authentication using FIDO
This is a big risk because fingerprints never expire. If a password is leaked, you can easily replace it with a new one. That is not the case with a biometric fingerprint: once it is leaked or stolen, it can be used for many things, as it is associated with your identity record, and you bear the consequences for the rest of your life, because it is not yet possible to change your fingerprint.
Before you start panicking, know that this loophole was already patched with the release of Lollipop, but you should still see this as a high security risk and keep your fingers away from fingerprint sensors.
- Don't buy smartphones with fingerprint sensors.
- If you already have one, upgrade your system to the latest version to fix known vulnerabilities.
- Only install popular apps from the store on a phone with a fingerprint sensor.
Source: FireEye Lab