The use of fingerprint readers have become an increasingly common reality in the new smartphones. After Apple have introduced the TouchID were several brands that have followed his example.
But these new security mechanisms, in addition to being useful, they also bring new problems. Now researchers have proven that fingerprint scanners used in Android are prone to serious security flaws.
Two researchers from FireEye now preparing to present at the Black Hat conference a study which shows that the fingerprint readers in Android are easy to attack and can easily release user data.
These are various forms that have created to achieve steal data of fingerprints of users, revealing the weaknesses that these systems have.
One of the biggest flaws found in these mechanisms is the lack of an effective data protection that readers are given when they are used.
With this attack is possible to collect the fingerprint images of users, which can then be used later to gain access to their own Android so that users do not detect.
Instead of resorting to real protection, with root mechanisms, these sensors use only permissions and Android-specific privileges to protect the fingerprint images.
This form of protection may be easily circumvented if the devices have made root, which facilitates access by attackers to most enclosed areas of Android.
Once you have access to the biometric data of users attackers can use them wherever and whenever they want. Also the collection of these data can be done for a long time and the various users who use the sensors, without their being notion that they are being collected.
Although not refer any particular brand and what less safe, it’s easy to see that these problems are present in Samsung devices, HTC and Huawei, as they are the main manufacturers who have smartphones in the market with these sensors
The failures were communicated to manufacturers where these problems are expressed, which tried to address them and increase security of fingerprint readers and biometric data collected.
Researchers also made an assessment of the Apple system and concluded that it is much safer than the Android.
The fact that encrypt the data still manages to give the reader a security layer hard to beat. Even if the data being stolen without the key used for encryption is impossible to access the data.
Via ZDNet
No comments:
Post a Comment