15:05 24 April 2015
Samsung Galaxy S5, which uses fingerprint ID system, has been found by security researchers to be vulnerable to hackers who can take copies of fingerprints to unlock the phone and access the user’s personal data. Researchers said that other Android-based phones that use fingerprint ID systems could also be vulnerable.
Fingerprint ID systems are widely used today not just in smartphones but also in websites such as Paypal. The growing roster of firms that are members of the Fido Alliance are also using the technology to remove the need for passwords.
Android phones are designed to store and separate sensitive information in a walled-off area of memory known as the Trusted Zone. However, researchers Yulong Zhang and Tao Wei found that it is possible to grab identification data before the phone is locked away in the secure area. They also found that on Samsung Galaxy S5, hackers who get access to the gadget’s memory could reveal finger data scan. They can also upload their own fingerprints as devices do not keep good records of how many prints were being used on each device.
The findings will be presented at the RSA security conference in San Francisco on 24 April.