Your fingerprint makes a terrific passcode. It's unique to you, it's always on you, and there's no chance you can forget it (something we can't say about every other password we've ever dreamed up). But, it's also a piece of data you don't want to fall into the wrong hands. And, unfortunately, security researchers discovered that the Samsung Galaxy S5 could be sharing your unique swirls and whorls with hackers.
According to Forbes, researchers with FireEye found that it's possible for hackers to intercept your fingerprint data before it can be securely stored on your device. Basically, what makes it safe for us to use fingerprints as a form of identification on mobile devices is that fingerprint data is stored in an extremely secure digital fortress within that device's memory. Once there, hackers would have a near-impossible time trying to extract it. But, a hacker could hack the fingerprint scanner itself.
“If the attacker can break the kernel [the core of the Android operating system], although he cannot access the fingerprint data stored in the trusted zone, he can directly read the fingerprint sensor at any time. Every time you touch the fingerprint sensor, the attacker can steal your fingerprint,” FireEye's Yulong Zhang told Forbes.
But what, exactly, would happen if someone did get ahold of your fingerprints? Identity theft is the primary issue. If your PIN, password, or even your social security number are stolen, you can get them reset or re-issued. Not so with a fingerprint. If malicious jerks steal your fingerprint, replicate it, and use it, your unique identifier could put you in criminal-records databases, on no-fly lists, and more. Even worse: For bank accounts that use a fingerprint as a secondary identifier, a print thief may be able to wipe your account of all its hard-earned contents. That fingerprint reproduction you've seen in sci-fi movies? It's not just sci-fi anymore.
Luckily, this hacking possibility is fairly narrow: It only applies to the Samsung Galaxy S5 (and some other unnamed Android handsets), and only for devices running OS versions earlier than Android 5.0 Lollipop.
FireEye's researchers, who presented this information at the RSA conference in San Francisco this week, have reached out to Samsung about the vulnerability, but haven't yet heard back as to whether the company will issue a software update to address it.
In the meantime, if you have an S5, here's a solid reminder to update to the latest version of Android. You wouldn't want your fingerprint ending up in some Mission Impossible-style government-infiltration scenario. Or have to go back to using a passcode.