A team of researchers presented a panel that showed that some manufacturers are not storing fingerprint data securely on their devices. This data was revealed last week at the 'Black Hat' conference held in Las Vegas.
Although the report is fairly detailed, the team specifically worked with the HTC One Max to demonstrate its findings. Instead of the device encrypting fingerprint data, they were able to find that the handset instead stored the print as a standard .bmp file and as world-readable.
Naturally, it isn't as simple as just opening the bitmap, the files did require some adjustment to create a proper fingerprint image. While this is only one example of a vulnerability, the research team did state that there are many other possibilities when it comes to the security of fingerprint scanners in devices.
With the increasing popularity of fingerprint readers in mobile devices, it is important that manufactures understand the importance of this data and properly secure the information. These concerns are becoming more of a reality as payment systems like Apple Pay and others gain traction. For those curious, HTC has patched the above vulnerability and users need not worry about the issue.
6 Comments - Add comment