• Petrol Prices in Pakistan
  • USD to PKR Rates
  • MTMIS – Online Vehicle Verification
  • Ehsaas Program
  • Punjab Rozgar Scheme
  • Naya Pakistan Housing Program
  • Mera Pakistan Mera Ghar Loan
Monday, January 18, 2021
INCPak
  • World
  • National
    • Islamabad
    • Azad Kashmir
    • Balochistan
    • Khyber Pakhtunkhwa
    • Gilgit Baltistan
    • Sindh
    • Punjab
    • FATA
  • Health
  • Automotive
  • Technology
    • Tech News
    • Custom Roms
    • Tips & Tricks
    • INCPak Forum
    • Reviews
    • Phone Reviews
    • Crypto
    • Stock ROMs
    • What’s new?
    • Computer Stuff
    • INCPak Roms
  • Mobile Prices
  • Education
  • Entertainment
  • More
    • Editorial
    • Information
    • Travel
    • Beauty
    • Food
    • Music
    • Movies
    • Sports
    • Documentaries
    • Personalities
    • History
    • Economy
    • Emergency Numbers
No Result
View All Result
INCPak
No Result
View All Result

Is Samsung’s Galaxy S5 ‘leaking’ YOUR fingerprints?

by FIA
Apr 25, 2015
in Featured, Technology
Reading Time: 6min read
A A
0

Is Samsung’s Galaxy S5 ‘leaking’ YOUR fingerprints? Flaw means hackers can intercept and steal bio-metric data

Experts have discovered a flaw in older versions of the Android system Once a hacker has access to a phone they can monitor data from sensors From this, they can potentially intercept a fingerprint from the scanner Vulnerability has been tested and confirmed on the Samsung Galaxy S5 Fingerprint scanners are often touted as the future of security and an alternative to the notoriously flawed password.

But experts have discovered they may not be as secure as first thought after a number of Android devices, including Samsung’s Galaxy S5, were said to be potentially ‘leaking’ fingerprints.

The security researchers have found a way to intercept a person’s biometric data after it is captured by a built-in scanner, but before it becomes encrypted.

Tao Wei and Yulong Zhang from security firm FireEye are expected to discuss their findings at this week’s RSA conference in San Francisco.

The pair told Thomas Fox-Brewster from Forbes that the flaw lies in older versions of the Android operating system, up to and including Android 4.4.


Subsequently, anyone running Android 5.0 or above are not at risk and the security experts are advising people on older models to update as soon as possible.

The vulnerability means that a hacker can access the kernel, or core, of the Android operating system.

Once inside they can monitor all data sent to and from the phone, as well as data recorded by the handset’s built-in sensors, including the fingerprint scanner.

Typically, when a fingerprint is scanned it is encrypted and separated from the rest of the device in a secure folder.

Hackers can’t get access to this folder even with access to the kernel, but they can collect scans immediately from the fingerprint sensor before they reach this folder.

In addition to using these fingerprints to access the phone, for example, they can be used to make payments with PayPal.

The flaw means that once a hacker has access they can monitor data recorded by built-in sensors, including the fingerprint scanner. When a fingerprint is scanned it is encrypted. Hackers typically can’t access this encrypted file, but the flaw allows them to collect scans from the sensor before being encrypted

During tests, Mr Wei and Mr Zhang confirmed the flaw was present on Samsung Galaxy S5.

They have not yet tested it on other Android smartphones with built-in fingerprint scanners, including the Galaxy Note 4, Note Edge and Huawei Ascend Mate 7.

However, they believe the problem to be ‘more widespread’ than the Galaxy S5 and are planning to put this to the test.

Mr Wei and Mr Zhang said they have alerted Samsung to the issue but not received an update.

Samsung told MailOnline ‘it takes consumer privacy and data security very seriously’ and is currently investigating FireEye’s claims.

Security expert Graham Cluely said: ‘It’s worth remembering that fingerprints are not secrets.

‘Relying on your fingerprints to secure a device may be okay for casual security – but you shouldn’t depend upon it if you have sensitive data you wish to protect.’

This isn’t the first time Samsung’s S5 scanner has been exposed as vulnerable.

In April last year a group of German hackers managed to spoof the scanner using a dummy print.

This situation is made worse by the fact that once a password has been initially used to access PayPal and Samsung phones, the fingerprint can be continually used for access without re-entering the password – even if the phone is rebooted.

Alternatively, on Apple phones a password is required following every reboot.

That doesn’t mean that Apple’s TouchID scanner is without flaws.

It took hackers just two days and a small collection of everyday household items to bypass the fingerprint sensor on an Apple iPhone 5S following its launch in 2013.

Apple’s TouchID isn’t without flaws either. It took hackers just two days and a small collection of everyday household items to bypass the fingerprint sensor (shown) on an Apple iPhone 5S following its launch in 2013

Chaos Computer Club, based in Berlin, took a high-resolution photograph of a fingerprint from the side of a glass.

They then scanned it, before laser printing it onto a transparent sheet and covering it in woodglue. Once the glue had dried, they peeled off the print copy and pressed it on the scanner.

Matt White, senior manager in KPMG’s cyber security practice, told MailOnline: ‘Replacing passwords with biometric alternatives such as fingerprints provides better security, however it doesn’t completely eliminate the risk posed by cyber criminals.

‘The largest hurdle with biometrics going forward will be the establishment of consumer trust.

A fingerprint was photographed using 2400 dpi resolution. The image was inverted and laser printed onto a transparent sheet with a thick toner setting. Hackers then poured woodglue onto the print pattern, pictured top. After it dried, the sheet was lifted and pressed onto the sensor, pictured bottom, to unlock the phone

‘Trying to convince the average person to implant a piece of technology to increase security of their perceived already secure account is a battle unlikely to be won.’

Andy Kemshall, co-founder and technical director at SecurEnvoy added: ‘Biometric authentication is not yet near the level it needs to be for the majority of consumer facing organisations to implement it in their products.

‘Fingerprint scanning, eyeball scanning, voice and face recognition are all at least a decade away from being reliable enough to use as authentication methods.

‘The technology simply isn’t sophisticated enough.

ShareTweetPin
Previous Post

Earthquake in Nepal 7.9 magnitude

Next Post

Sabeen Mahmud gunned down in Karachi

Related Posts

WhatsApp Privacy Policy, WhatsApp, Terms and Condition
Technology

WhatsApp delays privacy policy changes

by Ali Gulrez
Jan 16, 2021
Samsung Galaxy S21, Galaxy S21 Plus, Galaxy S21 Ultra, Samsung Galaxy S21 Price, Galaxy S21 Price
Technology

Samsung Galaxy S21, S21 Plus and S21 Ultra – Price and Specifications

by Ali Gulrez
Jan 16, 2021
Xiaomi Blacklist, Xiaomi, Xiaomi, Chinese Military
Technology

Xiaomi responds to US blacklist, denies ties to Chinese military

by Ali Gulrez
Jan 15, 2021
TikTok, TikTok Policy
Technology

TikTok announces new policy for users under 18 years old

by Ali Gulrez
Jan 14, 2021
WhatsApp Signal, WhatsApp vs Signal, WhatsApp, Signal
Technology

WhatsApp vs Signal – Which is more secure?

by Ali Gulrez
Jan 14, 2021
WhatsApp Privacy Policy, PTA WhatsApp, WhatsApp
Information

PTA reviews the updated WhatsApp privacy policy

by Ali Gulrez
Jan 14, 2021
AMD Ryzen 5000, Ryzen 5000, AMD Ryzen 5000 series mobile processors
Technology

AMD announces Ryzen 5000 series mobile processors

by Ali Gulrez
Jan 13, 2021
Nvidia RTX, Nvidia RTX Laptop, Nvidia RTX 3060, Nvidia
Technology

Nvidia announces RTX 30-series laptop GPUs and RTX 3060 for desktop

by Ali Gulrez
Jan 13, 2021
Next Post
Sabeen Mahmud

Sabeen Mahmud gunned down in Karachi

NIPDA Tsunami Rom

NIPDA Tsunami Rom for QMobile X800

Leave a Reply Cancel reply

Your email address will not be published.

Follow us on Twitter

Qries

Latest News

sister inheritance, doctor, brother, sister, domestic violence

Doctor imprisons & tortures sister to deny inheritance in Lahore

Jan 16, 2021
Hira Mani Sawaari, Hira Mani, Hira Mani Singing, Kashmir Beats

Kashmir Beats: Hira Mani impresses fans with song Sawaari

Jan 16, 2021
PSL 6 anthem, Aima Baig, Naseebo Lal, Young Stunners, Aima Baig PSL 6 Anthem, Naseebo Lal PSL 6 Anthem

PSL 6 anthem to be sung by Aima Baig, Naseebo Lal & Young Stunners

Jan 16, 2021
WhatsApp Privacy Policy, WhatsApp, Terms and Condition

WhatsApp delays privacy policy changes

Jan 16, 2021
Pak VS SA

Pak VS SA: Touring squad arrives in Pakistan after 14 years

Jan 16, 2021
Punjab schools, schools reopening

Punjab govt issues instructions for reopening schools

Jan 16, 2021
Ride, Domestic Abuse, Domestic Violence

Short film ‘Ride’ focuses on the domestic abuse problem

Jan 16, 2021
Anoushay Abbasi Debuts as a Singer with Peer Bulavey  [Video]

Anoushay Abbasi Debuts as a Singer with Peer Bulavey [Video]

Jan 16, 2021
Samsung Galaxy S21, Galaxy S21 Plus, Galaxy S21 Ultra, Samsung Galaxy S21 Price, Galaxy S21 Price

Samsung Galaxy S21, S21 Plus and S21 Ultra – Price and Specifications

Jan 16, 2021
Gold Rate in Pakistan, Gold Rate Pakistan, Gold Price in Pakistan, Gold Price Pakistan, Gold Rate in Pakistan Today, Gold Price in Pakistan Today, Gold Rate, Gold Price

Gold Rate in Pakistan Today – 16 January 2021

Jan 16, 2021

Follow us on Instagram

Qries

USD to PKR Rates

Qries

INCPak Official Logo

Independent News Coverage Pakistan - INCPAK Logo

Independent News Coverage Pakistan - INCPak.com

INCPak Official App - Download from Google Play Store

Vehicle Verification Online App

Vehicle Verification Online App

MTMIS Vehicle Verification Online Pakistan - Download from Google Play Store

Site links

  • About INCPak
  • Advertise with Us
  • Terms and Conditions
  • Privacy Policy
  • INCPak Team Members
  • Cookie Policy
  • Contact INCPak
  • About
  • Team
  • Advertise
  • Terms
  • Privacy Policy
  • Contact

Independent News Coverage Pakistan - All Rights Reserved © 2021
This site is hosted by Evolution Host

  • World
  • National
    • Islamabad
    • Azad Kashmir
    • Balochistan
    • Khyber Pakhtunkhwa
    • Gilgit Baltistan
    • Sindh
    • Punjab
    • FATA
  • Health
  • Automotive
  • Technology
    • Tech News
    • Custom Roms
    • Tips & Tricks
    • INCPak Forum
    • Reviews
    • Phone Reviews
    • Crypto
    • Stock ROMs
    • What’s new?
    • Computer Stuff
    • INCPak Roms
  • Mobile Prices
  • Education
  • Entertainment
  • More
    • Editorial
    • Information
    • Travel
    • Beauty
    • Food
    • Music
    • Movies
    • Sports
    • Documentaries
    • Personalities
    • History
    • Economy
    • Emergency Numbers
No Result
View All Result

Independent News Coverage Pakistan - All Rights Reserved © 2021
This site is hosted by Evolution Host

Go to mobile version