A team of security researchers from FireEye discovered a bug on the implementation of the sensor for scanning fingerprints of Galaxy S5 and more generally of some Android smartphones.
Save locally (or worse in a cloud) an invaluable resource as scanning your fingerprint might not be the wisest thing to do to ensure the security of data in your device. This is because, if an error in the implementation of the feature, the cyber criminal on duty could get access footprint and use it at their own discretion. And, unlike the password fingerprint that remains for life, and cannot be changed.
With this in mind, as found by the researchers of FireEye it could be of great importance: in essence, an incorrect implementation of the biometric sensor for fingerprints on Galaxy S5 (and Android in general) would allow malicious users to clone fingerprints saved locally on the device. Smartphone Samsung, and other Android devices unspecified, the fingerprint is stored on a protected file, but according to reports from security companies can catch it with malware before the application of cryptography.
” An attacker may be able to collect data from the sensors to the fingerprint scan on Android devices, ” by Forbes, who reported the news. To do so, you have to gain access to the device and enable root permissions to gather any information. But on Samsung Galaxy 5 ” we must not go down so deep ” – specific publication – with a malware that can constantly monitor the sensor and provide data as soon as it is used, and then even before the imprint itself in the memory ends device.
The team of researchers from FireEye contacted Samsung before disclosing the news but received no satisfactory answers. The company has not yet announced any update, even though he told Forbes, who is investigating this phenomenon in order to release as soon as possible a specific fix. It should specify that the devices updated to Android 5.0 Lollipop are immune to malware FireEye, therefore, as usual, we recommend the upgrade if the release is already available on your device.