Many manufacturers of Android-based mobile devices do not use TrustZone technology to protect biometric data.
Information security researchers at FireEye have discovered a way to steal the fingerprint data of users of mobile devices with biometric scanners, such as the Samsung Galaxy S5 and HTC One Max. The experts found that on the HTC One Max the fingerprint is stored as an unencrypted image file, dbgraw.bmp. Attackers can access this high-resolution image using any non-privileged process or application.
The experts, Yulong Zhang, Zhaofeng Chen, Hui Xue and Tao Wei, noted at the Black Hat conference in Las Vegas that this is only the first scenario hackers can use to steal biometric data. Criminals can also use a fake lock screen to authenticate in popular payment systems, intercepting money transfers and embezzling funds. The experts said that many manufacturers of Android-based mobile devices do not use TrustZone technology to protect biometric data.
The information security researchers also noted that by 2019 half of all mobile devices sold will be equipped with a fingerprint scanner. Remote code execution allows attackers to steal biometric data en masse. It is likely that hackers with physical access to a user's mobile device will also be able to add their own fingerprints.