Hackers can abuse Galaxy S6 fingerprint tech

According to security researchers, a flaw in Android enables hackers to steal personal information from devices

Security research firm FireEye has revealed the Samsung Galaxy S6's fingerprint scanner is flawed, meaning hackers could steal the personal information stored on the device.

Yulong Zhang and Tao Wei, researchers at the company said personal data could be intercepted before it reaches a secure area on devices, allowing hackers to siphon it off.

Advertisement - Article continues below

The flaw is present in all devices running Android version 5.0 or older if the hacker was able to gain high-level access to a device. However, for those using Samsung Galaxy S5 devices, the issue is even more worrying, because hackers could potentially get fingerprint data by accessing the device's memory.

The research, to be presented at the RSA security conference in San Francisco today, revealed that criminals could create a fake lock screen that would make the user think they are unlocking the device when really they are authorising a payment.

Alternatively, hackers could over-ride the owner's fingerprint data with their own, meaning users are denied access to their own device, but criminals could use it instead for their own means.

All devices running on Android 5.0 and below are open to such attacks, but the update to Android 5.1.1 corrects this issue, FireEye said.

Advertisement
Advertisement - Article continues below

Because the flaw lies in the operating system rather than the device itself, FireEye said other Android-based fingerprint readers could be at risk too.

In April last year, the Samsung Galaxy S5's fingerprint reader was hacked by another set of security researchers who wanted to demonstrate how easy it was to over-ride the security measure.

Samsung said it takes its customers' security seriously and would investigate into the claims by FireEye.

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now
Advertisement

Recommended

Visit/mobile/mobile-security/355889/parachute-introduces-superlock-feature
mobile security

Parachute's Superlock feature keeps your phone recording in an emergency

2 Jun 2020
Visit/security/encryption/355820/k2view-innovates-in-data-management-with-new-encryption-patent
encryption

K2View innovates in data management with new encryption patent

28 May 2020
Visit/hardware/355607/trump-administration-and-chipmakers-in-talks-about-us-based-factories
Hardware

Trump administration and chipmakers in talks about US factories

11 May 2020
Visit/mobile/mobile-phones/355583/samsung-addresses-a-zero-click-vulnerability-in-may-2020-security-patch
Mobile Phones

Samsung addresses a zero-click vulnerability in May 2020 security patch

7 May 2020

Most Popular

Visit/operating-systems/ios/355935/apple-confirms-serious-bugs-in-ios-135
iOS

Apple confirms serious bugs in iOS 13.5

4 Jun 2020
Visit/mobile/5g/355911/the-uk-pivots-to-japan-for-5g-equipment
5G

The UK looks to Japan and South Korea for 5G equipment

4 Jun 2020
Visit/security/ransomware/355945/new-ransomware-uses-java-to-target-software-organisations
ransomware

Tycoon ransomware discovered using Java image files to target software firms

5 Jun 2020