Slashdot Mirror

← Back to Stories (view on slashdot.org)

HTC Doesn't Protect Fingerprint Data

Posted by Soulskill on from the thumbs-down-on-the-scanner dept.

An anonymous reader writes: Biometric authentication is becoming commonplace — fingerprint scanners have been used on laptops for years, and now they're becoming commonplace on phones, as well. As more devices require your fingerprint to unlock, it becomes more important for each of them to guard that data. It's significant, then, that researchers from FireEye were able to easily grab fingerprint data off several recent phones. The most egregious offender is the HTC One Max, which stores the fingerprint comparison image as a simple .BMP file in a folder that's open to access. "Any unprivileged processes or apps can steal user's fingerprints by reading this file." According to the research they presented at Black Hat (PDF), it would also be simple for hackers who have remotely compromised the device to upload their own fingerprints to grant themselves physical access.

1 of 66 comments (clear)

  1. That's the great thing about biometrics by metamatic · · Score: 5, Insightful

    All the affected people have to do is change their fingerprints.

    --
    GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak