[Infowarrior] - HTC Doesn't Protect Fingerprint Data
Richard Forno
rforno at infowarrior.org
Mon Aug 10 09:12:37 CDT 2015
HTC Doesn't Protect Fingerprint Data
http://it.slashdot.org/story/15/08/10/1258243/htc-doesnt-protect-fingerprint-data
Biometric authentication is becoming commonplace — fingerprint scanners have been used on laptops for years, and now they're becoming commonplace on phones, as well. As more devices require your fingerprint to unlock, it becomes more important for each of them to guard that data. It's significant, then, that researchers from FireEye were able to easily grab fingerprint data off several recent phones. The most egregious offender is the HTC One Max, which stores the fingerprint comparison image as a simple .BMP file in a folder that's open to access. "Any unprivileged processes or apps can steal user's fingerprints by reading this file." According to the research they presented at Black Hat (PDF), it would also be simple for hackers who have remotely compromised the device to upload their own fingerprints to grant themselves physical access.
--
It's better to burn out than fade away.
More information about the Infowarrior
mailing list