Security Firm Says Android Users Vulnerable to Fingerprint Cloning

Numerous Android mobile devices, including Samsung’s Galaxy S5, have major security vulnerabilities allowing hackers to copy users’ fingerprints, according to security firm FireEye. As reported by Thomas Fox-Brewster in a Forbes article, FireEye security experts plan to speak about the security flaws at this year’s RSA Conference.

The problem relates, of course, to Android devices that use biometric fingerprint scanning. While they’re designed to keep users’ biometric data encrypted in a secure zone – and succeed in that aim – FireEye’s researchers have discovered that it’s possible, and indeed not very difficult, for hackers to access that data at its source, before it reaches the encrypted zone. Any hacker who gains root-level access to an Android device’s operating system can read this data, and on the Samsung Galaxy S5 only system-level access is needed.

Samsung says it’s looking into FireEye’s claims, and it’s worth noting that the Android 5.0 Lollipop OS does not feature this vulnerability.

But if FireEye is right, it’s a serious security issue, and one that could spook users just as the world of mobile commerce and payments is starting to take off. On the plus side, it could prove a catalyst for pushing companies towards multimodal authentication, a much safer approach to security that is already being embraced by financial services companies looking to expand their mobile app services.