http://arstechnica.com/security/2015/08/severe-weaknesses-in-android-handsets-could-leak-user-fingerprints/
By Dan Goodin
Ars Technica
Aug 10, 2015

HTC and Samsung have patched serious vulnerabilities in some of their
Android phones that made it possible for malicious hackers to steal user
fingerprints. The researchers who discovered the flaws said that many more
phones from all manufacturers may be susceptible to other types of
fingerprint-theft attacks.

The most serious of the flaws was found on HTC's One Max handset.
According to researchers at security firm FireEye, the device saved user
fingerprints as an unencrypted file. Almost as bad, the BMP image was
readable by any other running application or process. As a result, any
unprivileged process or app could obtain a user's fingerprints by reading
the file. Attackers could capitalize on the weakness by exploiting one of
the many serious vulnerabilities that regularly crop up in Android or by
tricking a target into installing a malicious app. HTC fixed the issue
after FireEye privately reported it, according to this summary, which
didn't provide a date or other details of the update.

[...]