Security flaw in Android version 5.0 and below makes it possible for hackers to take fingerprint copies and unlock Samsung Galaxy S5. This could lead to obtaining and exploitation of victim’s personal data.
Researchers explain that fingerprint locks’ oriented phones are manufactured in a way that attackers don’t need deep access to the phone. Just accessing the device’s memory can expose finger scan data.
The acquired data can help attacker create a fake lock screen making the victims believe that they are just swiping their finger to unlock phone. However, in reality they are actually making a transaction.
The vulnerability also allows attackers to upload their own fingerprint data because devices like Samsung Galaxy S5 never keep records of the number of prints.
According to Zhang and Wei, the flaw not only affects Samsung phone but all Android smartphones may be vulnerable.
They will be presenting their findings on 24th April, at the RSA security conference, San Francisco.
According to Mr. Zhang, their findings are most likely to spread across handsets running Android 5.0 or lower versions.
Zhang told Forbes that he also identified that if users upgrade to Android version 5.1.1, they it is possible to remove the vulnerability.
Samsung states that the company was investigating the findings of FireEye experts and it takes security related issues “very seriously.”