HTC device stores fingerprints without encryption

Are you using an HTC device? Researchers at FireEye discovered a way to steal fingerprints from Android devices that have biometric sensors, such as the Samsung Galaxy S5 and HTC One Max.

But the team was in for a big surprise when they discovered that the fingerprints stored on the HTC One Max exist as an image (dbgraw.bmp) in a world-readable folder, without any encryption.

“Any unprivileged processes or applications can steal the user's fingerprints by reading this file,” the team says, adding that they can be printed conveniently.

Yulong Zhang, Zhaofeng Chen, Hui Xue and Tao Wei presented their paper, Fingerprints On Mobile Devices: Abusing and Leaking [PDF], at the Black Hat conference held in Las Vegas last week.

Most device manufacturers fail to use Android TrustZone protection to protect biometrics, the researchers report.

“To make matters worse, every time the fingerprint sensor is used for auth, the auth framework refreshes the fingerprint bitmap,” the team reports.

"This way, the intruder can sit in the background and collect all the images of the victim's fingerprints."

The team also added that attackers with remote code execution could collect these fingerprints en masse, since they do not even need root privileges.
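The exposure described above comes down to a biometric image stored as a plaintext bitmap whose file and parent directories are open to every user. As an added example (not from the original article or the FireEye paper), this Python audit flags such files under a directory; it checks classic Unix permission bits only, and the function names and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile


def other_can(path, bit):
    """True if the given 'other' permission bit (e.g. stat.S_IROTH) is set."""
    return bool(os.lstat(path).st_mode & bit)


def find_exposed_bitmaps(root):
    """List plaintext BMP files under root that any unprivileged process can read."""
    exposed = []
    if not other_can(root, stat.S_IXOTH):
        return exposed  # root itself blocks traversal by other users
    for dirpath, dirs, files in os.walk(root):
        # Prune subtrees that "other" cannot traverse (directory lacks o+x).
        dirs[:] = [d for d in dirs
                   if other_can(os.path.join(dirpath, d), stat.S_IXOTH)]
        for name in files:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if not (stat.S_ISREG(mode) and mode & stat.S_IROTH):
                continue  # not a regular file, or not readable by "other"
            with open(path, "rb") as fh:
                if fh.read(2) == b"BM":  # magic bytes of an unencrypted bitmap
                    exposed.append(os.path.relpath(path, root))
    return sorted(exposed)


def build_sample_tree():
    """Constructed sample: (directory, dir mode, file, file mode, content)."""
    root = tempfile.mkdtemp()
    os.chmod(root, 0o755)
    for d, dmode, f, fmode, content in [
        ("open", 0o755, "dbgraw.bmp", 0o644, b"BM" + bytes(52)),
        ("open", 0o755, "locked.bmp", 0o600, b"BM" + bytes(52)),
        ("open", 0o755, "template.enc", 0o644, b"\x8f\x13" + bytes(52)),
        ("private", 0o700, "dbgraw.bmp", 0o644, b"BM" + bytes(52)),
    ]:
        os.makedirs(os.path.join(root, d), exist_ok=True)
        with open(os.path.join(root, d, f), "wb") as fh:
            fh.write(content)
        os.chmod(os.path.join(root, d, f), fmode)
        os.chmod(os.path.join(root, d), dmode)
    return root


if __name__ == "__main__":
    print(find_exposed_bitmaps(build_sample_tree()))
```

Only the bitmap that is both readable by "other" and reachable through traversable directories is reported; restricting either the file mode or any parent directory removes it from the result.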

iGuRu.gr The Best Technology Site in Greece


Written by giorgos
