Owner deviceς Android; Μια νέα έρευνα, που θα ανακοινωθεί στο συνέδριο Black Hat στο Las Vegas την Τετάρτη, από τους ερευνητές της FireEye Tao Wei Zhang και Yulong περιγράφει νέους τρόπους attackς σε συσκευές Android που επιτρέπουν να εξαγάγετε τα δακτυλικά αποτυπώματα του ιδιοκτήτη.
The threat is mainly limited to Android devices that have fingerprint sensors such as Samsung, Huawei and HTC devices. If you think that up to 2019, it is believed that at least half of the smartphones that will be in circulation will have a fingerprint sensor, this threat should not go unnoticed.
Of the four attacks described by the researchers, one - named "fingerprint sensor spying attack"- can" remotely collect large-scale fingerprints, "Zhang told ZDNet via e-mail.
Η επίθεση, η οποία επιβεβαιώθηκε σε συσκευές HTC One Max και Samsung Galaxy S5, επιτρέπει σε έναν hacker να αποκτήσει κρυφά τις εικόνες των δακτυλικών αποτυπωμάτων, γιατί οι κατασκευαστές συσκευών δεν κλειδώνουν πλήρως τον αισθητήρα.
What makes things worse is that the sensor on some devices is only "protected" by "system" permissions instead of root, which makes it easier to obtain fingerprints. (In other words: rooting or jailbreaking on your phone will put you at greater risk.)
When the attack occurs, the fingerprint sensor continues to quietly collect fingerprint data from anyone who uses it.
"With this attack, due to the sensitivity of the data, the victim should be feared for the rest of his life, as the attacker may continue to use his fingerprints to do other malicious things," Zhang said.
As you can see, it is a big problem. Fingerprints may be used for mobile payments, or device unlocking, but also for other malicious acts, such as exposing identity, immigration, as well as for other criminal offences.
The researchers did not say much, as they are preparing their presentation for the Black Hat conference held in Las Vegas.
However, Zhang said that Apple's iPhone is “enough safe”, as it encrypts the fingerprint data directly from the scanner.