Fingerprints on Mobile Devices: Abusing and Leaking

by Yulong Zhang, Tao Wei
Sept. 18, 2017 2 comments Black Hat belen_caty

In this talk, we will reveal some severe issues with the current Android fingerprint frameworks that have long been neglected by vendors and users. We will provide an in-depth security analysis of the popular mobile fingerprint authentication/authorization frameworks and discuss the security problems of existing designs, including (1) the confused authorization attack, which enables malware to bypass payment authorizations protected by fingerprints, (2) TrustZone design flaws and a fingerprint sensor spying attack to harvest fingerprints, (3) pre-embedded fingerprint backdoors, etc. We will show live demos, such as hijacking a mobile payment protected by fingerprints and collecting fingerprints from popular mobile devices. We will also provide suggestions for vendors and users to better secure fingerprints.

https://www.blackhat.com/us-15/briefings.html#fingerprints-on-mobile-devices-abusing-and-leaking

mrowton moderator 2 months ago

The bad guy doesn't need to crack your password, or even beat you in the head with a wrench so that you will tell him. No, now they can just cut off your finger.

Steven Ulm 1 month, 4 weeks ago

What happens if my fingerprint remains on a plastic bottle for example? With a proper scanner it can be cloned, right? :)
