A new research and presentation, held in the conference Back Hat Las Vegas last Wednesday by members of FireEye Tao Wei and Zhang Yulong call into question, for the umpteenth time, new forms of attack and compromising confidential information from Android smartphones. This time fingerprints.
Obviously, the threat is unique to Android smartphones with fingerprint sensor as Samsung, Huawei, HTC, OnePlus, etc. The distribution volume is still very low compared to the huge volume of distributed annually on Android devices. But the sensor is a trend and it is expected that all manufacturers include it in the future.
They presented four different attacks. The so-called “fingerprint sensor spying attack” is really worrying. Allows hackers to get fingerprints massively and remotely.
The attack, confirmed in a HTC One Max and Samsung Galaxy S5, allows hackers stealthily acquire a fingerprint image fingerprint of a device affected as manufacturers do not lock properly and entirely the fingerprint sensor.
Still comes the worst. Typically, devices with permissions root are affected, but vulnerability extends to those without these superuser. With access root things would be easier obviously. The root Android is an open gate potential hackers. The infection can get the print without the user having notion of attack
Zhang said, as reported by ZDNet.
“In this attack, fingerprints of the victims will fall directly into the hand of the attacker. The footprint of the victim has a lifetime validity, and the attacker can continue to use your fingerprint for malicious purposes “
This is a terrible problem. Fingerprints are used as key unique identity in the world . Imagine the problems that can result in immigration, criminology, identification, etc. This attack does not steal passwords that can be changed, steal our unique identity that is the fingerprint .
The researchers did not cite which manufacturer is the safest, but Zhang said that Apple iPhone , the first to implement this system of reading fingerprints, is “pretty sure” because encrypted footprint directly from the reader . Even if a hacker gains access to the sensor (which can not happen), would get an encrypted footprint.
The manufacturers concerned have already developed the necessary patches to be previously alerted by researchers. But we already know the problems of Android updates in the future and will become increasingly worrisome to smartphones that get more and more sensitive data. Imagine that in Windows whenever a serious vulnerability is found, most users never received an update that parchease vulnerability or received late. This is Android now.
No comments:
Post a Comment