Stealing your fingerprints

A security flaw in the Samsung Galaxy S5 could potentially allow the theft of fingerprint data from the device’s “Trusted Zone”. Are biometrics really that safe and will they ever truly replace the password?


Biometrics are increasingly being used to unlock devices, approve transactions and serve as a general means of authentication. Some even think they might take on the password.

Fingerprints are the most commonly used, particularly in smartphones, but some also use an image of your face, your voice, or even the shape of your ear.

Biometrics have, however, taken a bit of a beating over the past few months, as we reported here, and that beating continues with an exploit that exposes saved fingerprint data on the Galaxy S5 Android smartphone.


Trusted Zone


Sensitive data on Android devices is typically stored in the “Trusted Zone”, a walled-off area of the memory which should be near impossible to access.

The exploit in question seems to nab the data before it reaches the Trusted Zone. An exploit of this kind usually requires a very high level of access to the device. On the S5, however, only basic access is required in theory.

Mark James, ESET security specialist, explains how likely the average user is to be affected by this kind of exploit.

“These issues have a high chance to affect users who do not keep their devices up to date as with other types of malware or security issues.

“The average user though probably won’t be affected by this as it involves a deeper level of access to the phone in the first place.

“As with any mobile device you need to look at exactly what you use your device for and ensure you take the required security precautions for that technology.

“All new evolving tech will have a risk but most leading manufacturers will do all they can to ensure they fix any issues as soon as they arise but of course you are responsible for installing those fixes or patches.”


Biometrics take a beating


As previously mentioned, biometrics have been taking quite a beating security-wise in the past few months.

Mark shares his honest opinion of biometrics and how secure he thinks they are.

“To be honest on mobile devices biometric unlock methods are usually there for ease of use rather than a requirement.

“They have a place but only providing you keep your device secure and ensure it is protected as best as possible.

“If we manage and review our installed applications and run regular scans using a good up-to-date piece of security software then that’s all we can do to protect ourselves.

“Once we stop being cautious and assume that we will never be the victim of an attack or malware infection then we will sooner or later end up being one.

“All of these features are options and carry their own risks, but we need to ask ourselves if we are doing everything we can to protect the device and if we really need or want to use that feature. If the answer is yes then use it and enjoy it but always ensure you understand the risks.

“Biometrics are still one of the safer ways to protect your device, a lot of the standard methods can be guessed or even recorded, all methods have their flaws and issues but sadly you will need to decide what’s best for you.”


Do you use a biometric method to unlock your phone?