+

Cookies on the Business Insider India website

Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.

Close
HomeQuizzoneWhatsappShare Flash Reads
 

A new Android attack lets hackers steal your fingerprint, even if they don't have your phone

Aug 6, 2015, 20:00 IST

Steve Kovach/Business Insider

Security researchers have discovered a way to attack Android devices to steal fingerprints without the user having any idea.

Advertisement

The attack is called the "fingerprint sensor spying attack" and it can "remotely harvest fingerprints in a large scale," according to a report from ZDNet.

The attack primarily affects Android devices that have fingerprint sensors, which enable users to authenticate their identity by touch instead of by passcode. Affected phones include models made by Samsung, HTC, and Huawei.

FireEye researcher Tao Wei and Yulong Zhang will reveal details about their findings next week at the BlackHat security conference, but according to the report, the attack is possible because the fingerprint sensors on Android devices are not locked down.

In April, Zhang and Wei released a report at the RSA Conference that highlights just how problematic this kind of breach could become.

Advertisement

While stolen passwords are a big issue, stolen fingerprints have the potential to become an even larger problem because unlike passwords, you cannot just replace them when breached. To make matters worse, your fingerprint is associated with identity records, like your passport.

And if you use your fingerprint to authorize other things like payments and purchases, a hacker that has access to your fingerprint can do the same.

Hardware manufacturers vulnerable to the latest "fingerprint sensor spying attack" were notified and have since provided patches, the ZDNet report states.

But to help ensure security, Zhang and Wei recommend smartphone users always keep their software updated to the latest version to fix all vulnerabilities and only install popular app from the Google Play store with fingerprint sensors.

NOW WATCH: These guys remotely hacked a Jeep - here's how to prevent it from happening to you

Please enable Javascript to watch this video
You are subscribed to notifications!
Looks like you've blocked notifications!
Next Article