Hackers can steal your fingerprint password from Android devices

Zhang said that “In this attack, victims’ fingerprint data directly fall into attacker’s hand”.

Hackers have the ability of breaking into just about anything and it was recently revealed that your fingerprint isn’t safe with Android devices that use skin sensors to unlock your phone.

However, analysts believe by 2019, where it’s believed that at least half of all smartphone shipments will have a fingerprint sensor. Experts at the conference pointed out that the Samsung Galaxy S5 and the HTC One Max had both displayed this vulnerability, but more devices are likely to carry it too.

FireEye Labs security researchers, Yulong Zhang and Tao Wei have demonstrated various way to steal the fingerprint data from devices including some clever phishing and software-related vulnerabilities. “Without the proper lock-down, the attacker from normal world can directly read the fingerprint sensor”, the researchers note in their report (PDF).

“To avoid being attacked by malware or being exploited for remote code execution, we suggest normal users to choose mobile device vendors with timely patching/upgrading to the latest version, and always keep your device up to date”, read the paper.

The affected vendors have been provided with patches for the loophole and customers have been advised to update their devices.

In the interim, the researchers take basic measures to protect themselves from attack.

The attacks are critical as the victim’s fingerprint can be used by attackers at other places including immigration, health records and criminal records.

While this is certainly cause for concern for Android users, Apple fans can breathe a sigh of relief, as it appears that the iPhone and iPad’s Touch ID biometric technology is far more secure. According to the two researchers, while they were able to view the sensor, they could not obtain the crypto key that would’ve enabled them to see the actual fingerprint in Apple products.