Connect with us

Fingerprint Data Of HTC One Max Users Can Be Stolen, Report Says

Fingerprint Data Of HTC One Max Users Can Be Stolen, Report Says
HTC One Max Kārlis Dambrāns CC BY 2.0


Fingerprint Data Of HTC One Max Users Can Be Stolen, Report Says

Android phones that have biometric sensors are vulnerable to theft.

According to a report from FireEye Labs, fingerprints from Android devices – such as Samsung Galaxy S5 and HTC One Max – can be stolen.

Fingerprints Stored As Bitmap File

This flaw surfaced when the cyber security and malware protection firm found that One Max stores fingerprints as an image file (dbgraw.bmp) in a “world readable” folder, as reported by The Register.

“Any unprivileged processes or apps can steal user’s fingerprints by reading this file,” the FireEye Labs says.

The images can also be converted into clear prints by adding some padding, the group added.

(Also read: HTC One M8 Will Not Receive The Latest Android 5.1.1 Lollipop Update)

The report, which was co-authored by Yulong Zhang, Zhaofeng Chen, Hui Xue and Tao Wei of FireEye Labs, says, “While some vendors claimed that they store users’ fingerprints encrypted in a system partition, they put users’ fingerprints in plaintext and in a world-readable place by mistake.”

While the fingerprint scanner is used to unlock the phone, it is also used to authorize payments and money transfers through PayPal. The security firm said that “most vendors fail to lock down the [fingerprint] sensor. Without the proper lock down, an attacker… can directly read the fingerprint sensor.”

Security researcher and ACLU policy analyst Chris Soghoian said that HTC, after failing to “take reasonable steps” to protect several devices against security threats, was issued an order in February 2013 from the Federal Trade Commission to not mislead its customers. The smartphone manufacturer had not provided “adequate security training” to its engineers and did not review its software for flaws.

Following the discovery of the fingerprint security vulnerability, computer security researcher Graham Cluley said, “If we can’t trust the manufacturers of the computers that we put in our pockets and carry around with us all day, every day, to take security more seriously than this – what on earth are the chances that the internet of things will ever be safe?”

Fingerprint Theft Can Have Severe Consequences

After being notified, HTC issued a software update to rectify the flaw.

According to International Business Times, the theft of one’s fingerprint can potentially have severe drastic consequences – for they are used to create biometric data in passports and at border control. After finding out that it has been stolen, fingerprints (unlike a user generate password) cannot be changed.

“One leaked” FireEye says in its report, “they are leaked for the rest of your life.”


You might also be interested in: Delta: Pilot Makes ‘Blind’ Emergency Landing After Hail Damages Windshield


About Shaurya Arya

Shaurya covers wide range of genres. He is in the know about the day-to-day happenings in the US. He covers politics, environment, lifestyle and sports. Follow him to know the latest development in the US Presidential Election, rescue operations during tornadoes and other calamities or simply whether those viral videos and memes are true or hoax. With a Masters in Journalism, he has a bright future ahead in the field of writing and reporting.

More in Technology

Good News

To Top