Biometric information has long been touted as the solution to the ever-fallible password, but new research has shown that it may not be as safe as generally assumed.
Hackers may be able to clone fingerprints and gain access to phones such as the Samsung Galaxy S5’s software, according to cyber-security company FireEye.
It is possible to steal biometric date, essentially the fingerprint, before it reaches a segmented and encrypted “safe zone” and create copies of people’s fingerprints for further attacks on their phone, Tao Wei and Yulong Zhang claim.
The researchers say that any hacker who can acquire user-level access and run a program as a root, the lowest level of access on computers and smartphones, could collect fingerprint information from affected Android phones.
The Samsung Galaxy S5, they said, would be a particularly tempting target as malware needs only system-level access.
Speaking to Forbes, Zhang said: “If the attacker can break the kernel (the core of the Android operating system), although he cannot access the fingerprint data stored in the trusted zone, he can directly read the fingerprint sensor at any time… see more
source: Independent UK