Your Android Device is Exposing Your Fingerprint To Hackers

Your Android Device is Exposing Your Fingerprint To Hackers

Have you used Android’s fingerprint authentication system yet? If you haven’t, then don’t use it at all till security updates are provided. With the release of Android M, the support for fingerprint based authentication was made much easier. In a recent talk hosted by security researchers Tao Wei and Yulong Zhang at the Annual Black Hat Security Conference, it was revealed that the security of the Android fingerprint framework might be compromised. Wei and Zhang demonstrated the security breach and confirmed that the Samsung Galaxy S5 and HTC One Max were most susceptible to malicious hacking.

“In this attack, victims’ fingerprint data directly fall into attacker’s hand. For the rest of the victim’s life, the attacker can keep using the fingerprint data to do other malicious things. If the attacker can break the kernel [the core of the Android operating system], although he cannot access the fingerprint data stored in the trusted zone, he can directly read the fingerprint sensor at any time. Every time you touch the fingerprint sensor, the attacker can steal your fingerprint. You can get the data and from the data you can generate the image of your fingerprint. After that you can do whatever you want,” Zhang said.

Why so much concern over a security flaw at this early stage of implementation? Fingerprint based authentication could become the standard for access and initiating payments. Fingerprint based authentication, which proved to be a major winning factor for the Apple Pay service, has been responsible for faster and smoother authentication required for accessing content on devices or initiating transactions. It seems that hackers have found a way into the fingerprint framework of Android and have now brought a huge risk upon all those who have used this authentication method on their android devices.

The breach in security would not only allow hackers to access the devices locked by fingerprint authentication, but they would also be able to use Android Pay to initiate movement of funds to their accounts without the approval of the user. Both of these conditions are harmful and can cause serious loss to any person. The fingerprint is the single most unique identification factor for a person which cannot be replicated easily. If this identification method is compromised, then it won’t be possible to imagine the problems that would be unleashed.

The iPhone and iPad’s Touch ID biometric technology is far more secure, so Apple users need not worry about the security flaw. One of the reasons behind Apple’s superior security is the encryption of personal data with a key. Without this key, hackers are helpless and they wont be able to usurp your data at all. The use of an encryption key for all personal data is the most probable solution that will be taken up by Android developers to overcome the flaw. This is a relatively minor fix so it should not be much of a problem to bring out the update soon.

Android does not officially support fingerprint authentication as of now. This feature is supposed to come with Android M, the next version of the popular OS. So if you are facing the issue, then you should blame the manufacturers who dared to bring out this feature despite lack of support by the OS. The best thing that can be done till an update is received is to ensure that applications with root access should only be procured from trusted resources. This should help to stay away from any malicious hacking attempt.

About Nishant

Nishant Raja is an expert author for the iNewTechnology. He writes about Smartphones, New tech Gadgets, Apps and how to use them.