Skip Ribbon Commands
Skip to main content
Computer Emergency Response Team of Mauritius (CERT-MU)
Computer Emergency Response Team of Mauritius>Security researchers at FireEye have discovered vulnerability in the Samsung Galaxy S5 that allows hackers to clone fingerprints

Security researchers at FireEye have discovered vulnerability in the Samsung Galaxy S5 that allows hackers to clone fingerprints


Samsung Galaxy S5 and other ‘unnamed Android devices’ could leak user fingerprints to hackers that can clone them. According to security experts at FireEye, although Samsung implements encryption mechanism to protect user fingerprints archived on the mobile phone, an attacker can steal them just before they are encrypted. Smartphones acquire the user fingerprints in order to authenticate it, the scanned print is then compared against a copy held by the ARM TrustZone technology. When the user presses his finger against the device, the TrustZone code accesses the sensor, checks the scanned print and then provide the result of the comparison back to the OS. The TrustZone code is the unique one that could read data from the sensor. The attacker can then steal the fingerprints, clone and use them impersonate the victim against other authentication services that use his fingerprints.
 
Read More:
 
Source:
 
Security Affairs
 
Forbes
 
Wild Security
 
Team Cymru
 
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis