These days it is becoming more common for Android OEMs to introduce fingerprint sensors to their smartphones, especially after seeing the success Apple has enjoyed with Touch ID after the release of the iPhone 5s. However it seems that in their haste to adopt such a system, a rather glaring security flaw was left undiscovered, a flaw in which it would render such a security system useless.
According to the security researchers at FireEye, they have recently discovered a security flaw in Android that allows hackers to intercept fingerprint data, which in turn could let them use it to bypass the phone’s lock code, as well as authorize payments. Now typically fingerprint data is stored in a walled-off area of memory called the Trusted Zone.
However due to the flaw, hackers found a way to intercept the fingerprint data before it is locked away in the Trusted Zone. In fact for the Samsung Galaxy S5, this was even easier as hackers found that they would just have to access the phone’s memory to retrieve the fingerprint data. This is an issue that Samsung has promised that they will be looking into.
As for other Android phones, the flaw is present in Android 5.0 Lollipop and upgrading the handset to Android 5.1.1 is said to remove the vulnerability. However given how slow carriers and OEMs are to push out updates, it does potentially leave a lot of Android handsets exposed in the meantime.