Android phones pose biometric security concern

Fingerprint scanners have become one of the most popular new features within smartphones, but security experts warn that a lack of security within certain devices could lead to consumers losing financial and personal details.

During a presentation at the Black Hat USA conference in Las Vegas, Yulong Zhang, a researcher for smartphone security firm FireEye, expressed his concerns towards fingerprint scanners being used on mobile devices.

‘‘If you leak a password, you can just change it; if you leak a fingerprint, it’s lost for your whole life,’’ stated Zhang.

Zhang released a specific biometrics report entitled ‘‘Fingerprints On Mobile Devices: Abusing and Leaking’’ during the Black Hat conference, which brought to light a number of Android devices that contain potential security concerns.

According to the report, 50 per cent of all smartphones will contain a fingerprint sensor by 2019. In today’s world, a number of devices, including HTC’s One Max device, could be breached by an intruder.

The report found that the One Max saved fingerprints without encryption, making it easy for a hacker to steal the biometric information. The Samsung S5 smartphone also contained a similar flaw, leaving users’ fingerprints and their financial details vulnerable to theft.

Zhang made a number of suggestions to Android developers in his report, stating that ‘‘mobile device vendors should improve the security of the fingerprint auth framework with improved recognition algorithm against fake fingerprint attacks, and better protection of both fingerprint data and the scanning sensor.’’

Payment Eye recently spoke to Russel King, founder and CEO of Paycasso. King spoke about the challenges facing the technology in terms of dealing with the rise of identity fraud as well as the best practice of storing vast amounts of biometric information.

Related reading

Leave a comment