No need for a dusting brush or CSI kit to lift a fingerprint these days. Hackers have exploited Android devices with fingerprint scanners allowing them to lift fingerprints remotely.
New research and information by Yulong Zhang and Tao Wei of FireEye Inc. could mean trouble for Android users’ security. This new research demonstrates the capacity of hackers to steal mobile fingerprints. Their briefing will be hosted by Black Hat USA 2015 on Thursday and will “show live demos, such as hijacking mobile payment protected by fingerprints, and collecting fingerprints from popular mobile devices.”
The concern, however, for hackers gaining access to your mobile print has been around since the original implementation of finger print scanners on mobile devices. As Forbes has noted, “passwords can be reset, but fingerprints are for life; if a criminal obtains a fingerprint along with the user’s identification information he can potentially use it to steal the user’s identity and commit crimes for decades.”
The mass collection hack that Zhang and Wei seek to outline can “remotely harvest fingerprints in a large scale,” Zhang told ZDNet.
According to ZDNet, “the threat is for now confined mostly to Android devices that have fingerprint sensors, such as Samsung, Huawei, and HTC devices,” also noting that jail-broken or rooted phones can make you more susceptible to attacks.
Zhang and Wei suggested in an earlier briefing that the best steps users can take to protect themselves include downloading apps from reliable sources and to always keep your mobile device updated.