Hackers could steal your fingerprints from your Android device

Apple's Touch ID remains secure

A recent talk at the annual Black Hat Security Conference has revealed that the Android fingerprint framework, which uses our biometrics to unlock our devices, could be susceptible to attacks by hackers.

Not only would the security of our devices be compromised, but one of the potential hacks could even bypass fingerprint authentication for payment services such as Android Pay.

Perhaps most worrying of all security researchers Tao Wei and Yulong Zhang, who hosted the talk, demonstrated that hackers could even steal your fingerprint data, with the HTC One Max and Samsung Galaxy S5 apparently being vulnerable to this.

Apple Pay keeps the hackers away

While this is certainly cause for concern for Android users, Apple fans can breathe a sigh of relief, as it appears that the iPhone and iPad's Touch ID biometric technology is far more secure.

This is because your details are encrypted with a key that locks down your information, making it unobtainable even if hackers gain access.

The good news is that this should be a relatively easy fix, as by adding encryption to the fingerprint data on Android devices will keep the information secure from hackers.

We spoke to David Emm, principal security researcher, at Kaspersky Lab, about the threats that poorly protected fingerprint data could pose, and he told us that "unlike a password, people are unable to change their biometric data. So, if an account is compromised they can't simply change the password (the fingerprint!)".

Even worse, "the risks could be far greater than the theft of a single password. This would be equivalent to using the same password for everything, but without the opportunity to remedy the situation."

The good news is that manufacturers are aware of the flaw and have already begun updating their software to eliminate the problem.

It's worth noting that Android doesn't officially support fingerprints yet, but it will do with the Android M update. This means any potential blame lies at the feet of the manufacturers for now, and we have reached out to a number of them to find out what they are doing about this security issue.

Tags