Slashdot Mirror


HTC Doesn't Protect Fingerprint Data

An anonymous reader writes: Biometric authentication is becoming commonplace — fingerprint scanners have been used on laptops for years, and now they're becoming commonplace on phones, as well. As more devices require your fingerprint to unlock, it becomes more important for each of them to guard that data. It's significant, then, that researchers from FireEye were able to easily grab fingerprint data off several recent phones. The most egregious offender is the HTC One Max, which stores the fingerprint comparison image as a simple .BMP file in a folder that's open to access. "Any unprivileged processes or apps can steal user's fingerprints by reading this file." According to the research they presented at Black Hat (PDF), it would also be simple for hackers who have remotely compromised the device to upload their own fingerprints to grant themselves physical access.

2 of 66 comments

  1. Amateurs by U2xhc2hkb3QgU3Vja3M · Score: 4, Funny

    The most egregious offender is the HTC One Max, which stores the fingerprint comparison image as a simple .BMP file in a folder that's open to access.

    What a bunch of amateurs. Everyone who's learned a thing or two about graphic file formats knows that PNG is much superior.

  2. Security Alert by Anonymous Coward · Score: 0, Funny

    In a horrifying security alert, researchers have revealed that your fingerprints are stored in unprotected memory on ANYTHING YOU TOUCH! Until a fix for this flaw can be found, it is suggested that all people immediately start wearing blue nitrile gloves at all times to mitigate this vulnerability.