Ever since Apple introduced TouchID for iPhones, more and more smartphones feature fingerprint scanners. And that has some security researchers worried.
"If you leak a password, you can just change it; if you leak a fingerprint, it's lost for your whole life," FireEye researcher Yulong Zhang said at a presentation at the Black Hat USA conference in Las Vegas last week.
Zhang was part of a team that revealed that several Android smartphones from makers including Samsung and HTC featured vulnerabilities that could allow bad guys to steal users' fingerprints. HTC's One Max device, for instance, saved fingerprint images without encryption. they said. And the images could be read by any other app on the phone, potentially leaving them exposed if the user had installed another program with a security vulnerability, according to the researchers.
Both the HTC One Max and Samsung Galaxy S5 also left users' fingerprints vulnerable, the researchers said, by not isolating the fingerprint censor tech from the rest of the phone's operations. The phone makers have provided patches for these issues, according to a report from the researchers.
While fingerprint scanners have become a popular way to avoid using a password or PIN, especially on mobile devices, the FireEye research highlights some of the potential pitfalls of the tech: As a biometric marker, fingerprints are impossible to change.
They're also public. You leave fingerprints on, well, almost everything you touch. And researchers have even been able to spoof fingerprints based on public photos -- all of which makes fingerprints a pretty hard sell as the future of authentication to some experts. If someone else can make a copy of your prints, they stop being an effective security mechanism.
And there's a very real risk they might be compromised. Just ask the Office of Personnel Management: More than a million fingerprints were breached as part of cyberattacks against the agency disclosed earlier this year, in what experts consider a significant intelligence failure.
If the research has you on edge about the security of your own fingerprints with your smartphone, consider this: Similar general security concerns have been raised about the fingerprint scanners used in other consumers devices, like laptops, or by set-ups at motor vehicle departments and airports, researchers say.
The Washington Post
Thu Aug 13 2015
Fingerprints are not only public, there is very real risk they might be compromised.
Malaysia harap kerjasama ASEAN ke arah tampil kawal selia komunikasi dan multimedia lebih baik
Malaysia berharap dapat bekerjasama dengan negara anggota ASEAN yang lain untuk berusaha ke arah mengawal selia industri komunikasi dan multimedia dengan lebih baik.
UNM, Astro AWANI anjur Sidang Meja Bulat Kewartawanan
Astro AWANI bersama-sama Universiti Nottingham Malaysia (UNM) mengumumkan penganjuran sidang meja bulat bertemakan “Kewartawanan dalam Zaman Gangguan AI", dengan kerjasama Pusat Kewartawanan Bebas Malaysia (CIJ).
Wakil rakyat perlu ketepi agenda politik sempit - Tuanku Muhriz
Yang Dipertuan Besar Negeri Sembilan menitahkan semua ADUN negeri ini supaya mengetepikan agenda politik sempit.
PETRA lancarkan inisiatif Solar@PETRA sebagai usaha kurangkan jejak karbon
Sejajar dengan Perjanjian Paris, Malaysia komited untuk mengurangkan jejak karbon negara dan seterusnya mencapai tatus gas rumah kaca (GHC) sifar bersih seawal tahun 2050.
Antaranya ialah dengan melancarkan inisiatif Solar Peralihan Tenaga untuk Rakyat atau Solar@PETRA dan juga program Solar Boleh.
Antaranya ialah dengan melancarkan inisiatif Solar Peralihan Tenaga untuk Rakyat atau Solar@PETRA dan juga program Solar Boleh.
Individu pamer gambar Agong pada kempen PRK KKB dipenjara sebulan, denda RM3,000
Majistret menjatuhkan hukuman itu ke atas P. Ramasamy, 66, selepas lelaki itu mengaku bersalah selepas pertuduhan dibacakan.
Kerani rugi RM109,540 terpedaya pelaburan tidak wujud
Seorang kerani wanita sebuah syarikat swasta mengalami kerugian RM109,540 selepas terpedaya dengan skim pelaburan tidak wujud dalam talian.
Lelaki warga AS mengaku salah miliki video lucah, pornografi kanak-kanak
Tertuduh, David Matthew Frahm, mengaku bersalah selepas pertuduhan ke atasnya dibacakan jurubahasa di hadapan Hakim Helmi Ghani.
KPKT umum pembinaan PPR Bestari Jaya, selesai masalah perumahan lima ladang di Selangor sejak 1998
KPKT mengumumkan pembinaan Projek Perumahan Rakyat (PPR) Bestari Jaya bagi menyelesaikan isu perumahan yang dihadapi 245 keluarga peneroka.
Isu kasino Forest City: Polis rekod keterangan petugas portal bahasa Inggeris
Polis merakam keterangan seorang petugas media sebuah portal berbahasa Inggeris bagi membantu siasatan berhubung penerbitan artikel mengenai kasino di Forest City.
[TERKINI] Majlis Perasmian Persidangan DSA & Natsec 2024
Majlis Pembukaan Pameran Dan Persidangan DSA & Natsec Asia 2024 oleh Perdana Menteri, Datuk Seri Anwar Ibrahim di Malaysia International Trade and Exhibition Centre (MITEC), Kuala Lumpur.