
Report: Samsung’s fingerprint sensors aren’t as secure as iPhone’s TouchID

Samsung closed the gap with Apple when it launched a touch-based fingerprint sensor in the Galaxy S6 and the Galaxy S6 edge, but a recent report claims that the fingerprint sensors used in Android smartphones are not as secure as the TouchID fingerprint sensor used in recent iPhones.

The new research by Yulong Zhang & Tao Wei, which was presented at the Black Hat USA 2015 conference in Las Vegas earlier this week, demonstrated new ways to attack Android devices and steal fingerprints from them. This threat is confined mostly to Android devices including the ones from Samsung, HTC, and Huawei.

Of the four attack methods outlined by the researchers from FireEye, one in particular – the fingerprint sensor spying attack – could remotely steal fingerprints on a large scale. This attack was confirmed on the Galaxy S5 as well as the HTC One Max. Apparently, smartphone makers don’t fully lock down fingerprint sensors. Furthermore, sensors in some devices seem to be guarded by “system” privilege instead of “root”, making the job easier for hackers.

In this attack, victims’ fingerprint data directly fall into attacker’s hand. For the rest of the victim’s life, the attacker can keep using the fingerprint data to do other malicious things.

– Yulong Zhang

The researchers did not comment on which Android smartphone maker has better security than the others, but Zhang mentioned that the iPhone is “pretty secure” as it encrypts the data from the fingerprint sensor. After the report was released, all the vendors released security patches for their devices. According to the researchers, the threat isn’t limited to smartphones, as even some high-end laptops with fingerprint sensors could be compromised.

The researchers advised users to use frequently updated devices, to install apps from reliable sources, and not to root their devices. As we reported earlier, rooting your Galaxy S6/S6 edge prevents you from using Samsung Pay, because Samsung knows that the transaction can’t be kept as secure as it should be.


12 Comments


nkolsen

So I’m confused with this line: “and not to root their devices.” Does that only mean rooted devices that are vulnerable or is it all?

mokinto

Password may change, but personal fingerprint is so personal for me.

Jasi2169

I can get that fingerprint and access it with ease but I need root permission for that? So I am curious how he can get without root or just saying around?

o0MHJ0o

It didn’t actually explain how they would get your fingerprint? Can they do it over the net? Or do they need the phone physically? I’ve been on Android since Froyo, and thankfully never had problems with security. If anyone does lose their phone, it’s basic knowledge now to remotely wipe it, and with my Tab S, I’m the only person whose fingerprint has worked. Many have tried. All failed. So, I don’t believe it’s a serious security threat.

GoldenDragon80

Sorry for the off topic: the following update to 5.1.1 lollipop Galaxy S6 / S6 EDGE this (G925FXXU2BOGE) to 229MB, someone found that now the animation don't work of wallpapers crashed even when activated, and also ceased to exist the option to do to AUTO applications that are open in the background to save battery power, this new function that came out with version 5.1.1 on battery option, these two applications no longer work in my S6 after recently updating 229MB, which will be so I have this problem? Will be a bug?

Celf

I don’t use my Note 4 fingerprint scanner because it’s a useless piece of garbage (bad…very bad recognition rate) so it’s no problem for me.

jboogie1289

Must be your device because mine works flawlessly. Every time.

j2001m

This is only linked to the swipe type scanner, i.e. not linked to S6

yocrush

It is linked to the S6 too…

insydexvi

This article is totally B.S, why they are always praising the products of apple and makes bad comments to Samsung and to other OEM Manufacturers.

yocrush

This is not a marketing website. TouchID is better and the others have problems. Let’s put it out so Samsung resolves this.

droyx

I am sure that at the software level this omission can be corrected. Waiting for a patch from Samsung.