You are using a device htc; Company researchers security FireEye discovered a way to steal fingerprints from Appliances Androids that have biometric sensors, such as the Samsung Galaxy S5 and HTC One Max.
But the team was in for a big surprise when they discovered that the fingerprints stored on the HTC One Max exist as archives εικόνας (dbgraw.bmp) σε έναν ανοιχτό φάκελο για όλο τον κόσμο, και χωρίς καμία κρυπτογράφηση.
“Τυχόν μη προνομιούχες διαδικασίες ή εφαρμογές μπορούν να υποκλέψουν τα δακτυλικά αποτυπώματα του χρήστη με την ανάγνωση αυτού του αρχείου,” αναφέρει η ομάδα λέει, προσθέτοντας ότι οι pictures they can be printed conveniently.
Yulong Zhang, Zhaofeng Chen, Hui Xue and Tao Wei presented their Fingerprints On Mobile Devices: Abusing and Leaking [PDF] at the Black Hat conference held in Las Vegas last week.
Most device manufacturers fail to use Android Trust Zone protection to protect biometrics, researchers report data .
“To make matters worse, every time the fingerprint sensor usesται για auth operation, the auth framework refreshes the fingerprint bitmap,” the team reports.
"This way, the intruder can sit in the background and collect all the images of the victim's fingerprints."
The team also added that attackers with some remote code execution could massively collect these fingerprints, since they do not even need root rights.