Samsung introduced a fingerprint sensor on its Galaxy S5. Today, fingerprint sensors can be found on many modern smartphones, including most new Galaxy S devices and the new iPhones.
But all that biometric data being tossed around isn’t necessarily a good thing. A recently discovered flaw shows that hackers may be able to steal your fingerprints from your Galaxy S5.
Cyber security researcher FireEye discovered the flaw. FireEye claims that attackers can steal biometric data – especially your fingerprint data – before it reaches a special encrypted “safe zone” within the Galaxy S4.
The attacker can then potentially make copies of the fingerprint to launch further attacks on the phone.
The Flaw Requires an Attacker to Root your Phone
Interestingly enough, the attack relies on rooting your phone. The attacker needs to gain access to the core levels of Android and break the kernel (which is the core of the Android operating system).
At no point can the hacker actually view fingerprint data in the safe zone, but data can reportedly be directly read from the fingerprint sensor at any time.
In other words, an attacker would have to gain access to your device, root your phone, then wait for you to swipe your fingerprint over your sensor and take that image as it is transmitted to the safe zone.
Is this attack a real threat to your smartphone security? Probably not. But still, if you’re the type of person who is particularly careful about your biometric security and how your fingerprints get shared, then you may want to go back to using the old PIN code entry method.
iPhone Fingerprints Can Also Be Hacked
Before Apple fans jump in and claim their phone is more secure, consider this: the iPhone’s fingerprint sensor was hacked within weeks of its release in 2013. Apple’s Touch ID was broken into by a Berlin-based hacking group known as the Chaos Computer Club (that’s a pretty cool name).
In a demonstration video, that group showed how they can cover a finger with a piece of latex containing the faked fingerprint in order to gain access to the iPhone 5S.
FireEye claims the problem likely affects more than just the Galaxy S5, including the HTC One Max, Galaxy Note 4, Galaxy S6, and Huawei Ascend Mate 7. The S5, however, is the only device tested for the flaw thus far.