Security flaw in Android version 5.0 and below makes it possible for hackers to take fingerprint copies and unlock Samsung Galaxy S5. This could lead to obtaining and exploitation of victim’s personal data.
FireEye experts Yulong Zhang and Tao Wei have exposed a critical Android flaw, which makes Samsung Galaxy S5 smartphone highly vulnerable to attacks.
Experts revealed that hackers can easily obtain fingerprint data and steal personal info, thanks to the flaw and use personal data for malicious purposes.
Mr Zhang and Mr Wei identified that due to the flaw it was possible to gather identification data prior to the phone getting locked in a secure region.
Researchers explain that fingerprint locks’ oriented phones are manufactured in a way that attackers don’t need deep access to the phone. Just accessing the device’s memory can expose finger scan data.
The acquired data can help attacker create a fake lock screen making the victims believe that they are just swiping their finger to unlock phone. However, in reality they are actually making a transaction.
The vulnerability also allows attackers to upload their own fingerprint data because devices like Samsung Galaxy S5 never keep records of the number of prints.
According to Zhang and Wei, the flaw not only affects Samsung phone but all Android smartphones may be vulnerable.
They will be presenting their findings on 24th April, at the RSA security conference, San Francisco.
According to Mr. Zhang, their findings are most likely to spread across handsets running Android 5.0 or lower versions.
Zhang told Forbes that he also identified that if users upgrade to Android version 5.1.1, they it is possible to remove the vulnerability.
Samsung states that the company was investigating the findings of FireEye experts and it takes security related issues “very seriously.”
Source: RSA Conference
Image via: WhoTrades