Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[martinuzz]

Acoording to my Dutch newspaper, the internet security company FireEye discovered that the fingerprint sensor used in the Galaxy S5, and a few other platforms using android (not named by the newspaper)  is not safe.
By using security leaks in older Android versions, which allow for accessing the device's root directory, cybercriminals can circumvent the 'safe zone' the fingerprints are supposed to be stored in, and read and clone them at will. Fingerprint scans are not only becoming a common way of logging in for smartphones, but their use for authorizing online transactions is becoming more common as well.
Just one example of what people with bad intent could do with this, is make you believe that you are just logging in to your phone, while in reality you are authorizing a bank payment.

Apparently the leak is fixed in the newer android versions. Question is, how long until the next leak is found by the wrong party.

It would be wise for anyone who uses, or has used a Galaxy S5, or other device that combines Android with fingerprint scan, to go to the police and have them take note, as a matter of precaution.
You really don't want to be shot by a SWAT team because someone cloned your fingerprints.
Combine fingerprint data with high resolution 3d printer..... fingerprinted gloves anyone?

[~Neri]

Could always just.. Not use the fingerprint scanner.

[sluissa]

This was actually mentioned on the radio yesterday. An investor in security tech commented and said something along the lines of: "I'll never invest in biometrics, everything can be hacked, everything can be stolen. Except if your biometrics are stolen you can't change them like a normal password."

[forsaken1111]

Have a galaxy s5, can confirm that the fingerprint sensor is crap anyway and i never used it because it would only ID me correctly 1 in 4 tries even after repeated calibration/resets. I just use a pattern lock now so all is well.

I mean that is probably no more secure but at least I can access the phone when I want to.

[Lightningfalcon]

My cybersecurity team mentor always heavily advicsed against fingerprint scanners.  Not so much for the reason's stated here, but more because he felt they were easily fooled. 

[i2amroy]

Gotta go straight to the thought process for biometrics. What you basically do is think of a password and then take the EEG readings of your brain while you do. With enough work you could easily get something that is linked pretty specifically to the exact way that your brain lights up, while still being able to change your "password", so to speak, by changing the combination of things that you think about to unlock something. Only big drawbacks right now are your brain changing the way it lights up depending on your current mood (which could be fixed by stashing a variety of different moods' results and combining it with a mood check at the start of the reading) and making EEG's cheaper/more portable.

With a little more work (there's groups actually doing research on this right now) we could hypothetically even do something like ask the question "Is this really your password?" and then check if someone is lying when they click yes or no. Combine a few things like that and you could easily get something that didn't take too much longer to put in then a normal password (and took way less time than your standard retinal + voice + fingerprint scan combo), but could have catch rates easily several magnitudes better.

[~Neri]

I wouldn't want to use my brain as a password lock for anything, it's done too much weird shit for me to trust it to stay the same for very long.

[TempAcc]

It seems every biometric sensor today can be easily fooled. Even an eye scanner can be fooled by a high quality picture of someone's iris, which admitelly isn't something thats entirely easy to acquire, but hey, its possible, and likely takes less effort then making a fake fingerprint.

Even if we get some sort of DNA biometric sensor one day, it will just encourage people to somehow take a tiny piece of you and use it on the scan :v