Researchers expose that some device manufacturers are not storing fingerprint data securely

A team of researchers presented a panel that showed that some manufacturers are not storing fingerprint data securely on their devices. This data was revealed last week at the 'Black Hat' conference held in Las Vegas.

Although the report is fairly detailed, the team specifically worked with the HTC One Max to demonstrate its findings. Instead of the device encrypting fingerprint data, they were able to find that the handset instead stored the print as a standard .bmp file and as world-readable.

image courtesy of Black Hat

Naturally, it isn't as simple as just opening the bitmap, the files did require some adjustment to create a proper fingerprint image. While this is only one example of a vulnerability, the research team did state that there are many other possibilities when it comes to the security of fingerprint scanners in devices.

With the increasing popularity of fingerprint readers in mobile devices, it is important that manufactures understand the importance of this data and properly secure the information. These concerns are becoming more of a reality as payment systems like Apple Pay and others gain traction. For those curious, HTC has patched the above vulnerability and users need not worry about the issue.

Source: Black Hat via BBC

Report a problem with article
screenshot_(37)
Next Article

Microsoft updates OneDrive with improved sync and document change notifications

raspberry-pi-windows
Previous Article

Microsoft makes Windows 10 IoT Core generally available

6 Comments - Add comment

Advertisement