Security experts at this week’s Black Hat USA security conference are reporting serious security vulnerabilities on a couple of major Android smartphones. The devices in question are the Samsung Galaxy S5 and the HTC One Max.
In addition to finding backdoor vulnerabilities and means of getting around fingerprint authentication for mPayment systems, the hackers, Yulong Zhang and Tao Wei, also discovered that they could copy the smartphones’ fingerprint data. Needless to say, that is a huge security issue, granting successful hackers the keys to any other devices or services relying solely on fingerprint authentication. And, as biometrics skeptics like to point out whenever such vulnerabilities are discovered, fingerprints, unlike passwords, cannot be changed once compromised.
Engadget is quick to point out that the hacks did not work on any of the Touch ID systems on newer Apple devices (though there have previously been misgivings where Touch ID is concerned), but it’s also worth noting that the attack succeeded on an older iteration of the Samsung Galaxy smartphone, and not the Galaxy S6, whose fingerprint sensor system is presumably more secure. In any case, the findings are a good reminder of the importance of mobile security as increasing amounts of sensitive data are sent through smartphones. And the vendors concerned have been notified and already released software updates that should fix these issues.