Steve Kovach/Business Insider
The attack is called the "fingerprint sensor spying attack" and it can "remotely harvest fingerprints in a large scale," according to a report from ZDNet.
The attack primarily affects Android devices that have fingerprint sensors, which enable users to authenticate their identity by touch instead of by passcode. Affected phones include models made by Samsung, HTC, and Huawei.
FireEye researchers Tao Wei and Yulong Zhang will reveal details about their findings next week at the Black Hat security conference, but according to the report, the attack is possible because the fingerprint sensors on Android devices are not locked down.
In April, Zhang and Wei released a report at the RSA Conference that highlights just how problematic this kind of breach could become.
While stolen passwords are a big issue, stolen fingerprints have the potential to become an even larger problem because unlike passwords, you cannot just replace them when breached. To make matters worse, your fingerprint is associated with identity records, like your passport.
And if you use your fingerprint to authorize other things like payments and purchases, a hacker who has access to your fingerprint can do the same.
Hardware manufacturers vulnerable to the latest "fingerprint sensor spying attack" were notified and have since provided patches, the ZDNet report states.
But to help ensure security, Zhang and Wei recommend that smartphone users always keep their software updated to the latest version to fix all vulnerabilities, and only install popular apps from the Google Play store on devices with fingerprint sensors.