Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Severe weaknesses in Android handsets could leak user fingerprints

From: InfoSec News <alerts () infosecnews org>
Date: Tue, 11 Aug 2015 08:11:35 +0000 (UTC)
http://arstechnica.com/security/2015/08/severe-weaknesses-in-android-handsets-could-leak-user-fingerprints/

By Dan Goodin
Ars Technica
Aug 10, 2015
HTC and Samsung have patched serious vulnerabilities in some of their Android phones that made it possible for malicious hackers to steal user fingerprints. The researchers who discovered the flaws said that many more phones from all manufacturers may be susceptible to other types of fingerprint-theft attacks.
The most serious of the flaws was found on HTC's One Max handset. According to researchers at security firm FireEye, the device saved user fingerprints as an unencrypted file. Almost as bad, the BMP image was readable by any other running application or process. As a result, any unprivileged process or app could obtain a user's fingerprints by reading the file. Attackers could capitalize on the weakness by exploiting one of the many serious vulnerabilities that regularly crop up in Android or by tricking a target into installing a malicious app. HTC fixed the issue after FireEye privately reported it, according to this summary, which didn't provide a date or other details of the update. 

[...]



--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/
Previous By Date Next
Previous By Thread Next

Current thread: