“A recent report claims that fingerprint sensors that are used in Android smartphones are not as secure as TouchID [sic] fingerprint sensor used in the recent iPhones,” Sam Mobile reports.
“The new research by Yulong Zhang & Tao Wei, which was presented at the Black Hat USA 2015 conference in Las Vegas [last] week, demonstrated new ways to attack Android devices and steal fingerprints from them,” Sam Mobile reports. “Out of the four attacking methods outlined by the researchers from FireEye, one in particular – fingerprint sensor spying attack – could remotely steal fingerprints on a large scale.”
Sam Mobile reports, “This attack was confirmed on the Galaxy S5 as well as the HTC One Max. Apparently, smartphone makers don’t fully lock down fingerprint sensors. Furthermore, sensors in some devices seem to be guarded by ‘system’ privilege instead of ‘root”, making the job easier for hackers.”
Read more in the full article here.
MacDailyNews Take: Okay, who’s shocked that a half-assed, rush-job, knockoff feature bolted onto a half-assed, rush-job, knockoff operating system is insecure as opposed to Apple’s revolutionary Touch ID and iOS?
SEE ALSO:
Security journalist: Goodbye, Android, hello Apple iPhone! – July 29, 2015
Simple, secure Apple Pay propels mobile payments – January 26, 2015
Prior to Steve Jobs unveiling of Apple’s iPhone, Google’s Android didn’t support touchscreen input – April 14, 2014
Before iPhone, Google’s plan was a Java button phone, Android docs reveal – April 14, 2014
How Google reacted when Steve Jobs revealed the revolutionary iPhone – December 19, 2013
Apple to ITC: Android started at Apple while Andy Rubin worked for us – September 2, 2011
[Attribution: The Loop. Thanks to MacDailyNews Readers “Fred Mertz” and “Dan K.” for the heads up.]
For now only Apple has so-called “Secure Enclave” to store fingerprint hash data.
Others are only as secure as their current Android version is (which is often never updated).
Thou hast spoken too soonest DErss!
As far as I am aware (which by the way can also be viewed as being fast asleep!) Android OEM’s are busy designing a secure enclave incorporating a Western Digital or a Seagate 2GB external hard drive that will house the Android Secure chip and the chip to run the software required to operate the fingerprint sensor, the secure chips interface software and the EFI whatever EFI stands for, you choose!
All those gabins will require at least two thirds of the “GB leaving one third for the storage of at least two fingerprints in case one fingerprint cannot be read for all manner of reasons.
iPhone! Eat your heart out!!!! 🙂
? is this sarcasm?
It used to be possible to help close an HTML tag in a post when MDN screwed up. But it does not work in the new site design/implementation.
Security probably doesn’t matter all that much since there aren’t that many Android smartphones with fingerprint readers and those that have them probably aren’t being used very much to do transactions. Google is just going through the motions but I’m not sure their heart is really in it with Apple taking all the smartphone profits. I’m willing to bet a lot of Android manufacturers are going to end up like HTC.
Google is now pushing for $50 smartphones in India. That’s ridiculously cheap. Does anyone think those $50 smartphones are going to come with secure fingerprint readers? Google is pushing trash on uninformed consumers just for the benefit of having high market share. Quite pathetic, I’d say.
People made a real stink about the 5s’s fingerprint security but remained strangely silent when Samsung came out with the S5’s pathetic swipe version six months later. No wonder. Google should be able to penalize companies for copying Apple so poorly. If you can’t rip them off well, don’t bother!