More Trouble For HTC As Fingerprint Data Hacked

More Trouble For HTC As Fingerprint Data Hacked
Janitors / Pixabay

After reporting its worst quarterly results ever earlier this month, security researchers have more bad news for HTC.

Investors are not happy about the smartphone manufacturer‘s results, and now customers have a reason to be upset. Researchers at security company FireEye have revealed that they can steal fingerprint information from the Samsung Galaxy S5 and HTC One Max.

Alluvial Fund May 2021 Performance Update

Alluvial FundAlluvial Fund performance update for the month ended May 2021. Q1 2021 hedge fund letters, conferences and more Dear Partners and Colleagues, Alluvial Fund, LP returned 5.4% in May, compared to 0.2% for the Russell 2000 and 1.0% for the MSCI World Small+MicroCap . . . SORRY! This content is exclusively for paying members. SIGN UP Read More

Fingerprint images stored insecurely on HTC One Max

Fingerprint scans were found to be stored in an image file named dbgraw.bmp in an unsecured folder. As a result, hackers that access these files can edit the prints, delete them, or use fake scans in order to make purchases. Hackers could also use malware which asks for the fingerprints upon start-up.

Samsung and HTC work in partnership with a third-party on the fingerprint technology, and it appears that significant security flaws are present. Although the S5 is affected, the new generation Samsung Galaxy S6 and S6 Edge feature a different sensor which prevents hackers from finding and exploiting the fingerprint images.

If a hacker accesses the image file, they can view even tiny changes to the fingerprints. Access gives the intruder indefinite use of the print, so long as the owner does not delete it from their smartphone.

Increasingly popular technology subject to serious security concerns

“To make the situation even worse, each time the fingerprint sensor is used for auth operation, the auth framework will refresh that fingerprint bitmap to reflect the latest wiped finger,” the team says. “So the attacker can sit in the background and collect the fingerprint image of every swipe of the victim.”

Researchers at FireEye believe that they are the first to discover the flaw, which means the manufacturers should have time to release a patch before hackers begin to exploit it.

It is a remarkable error by the fingerprint creator, and may explain why Samsung switched to a different provider in 2014. For HTC the story will generate more unwelcome headlines at an already difficult time for the company.

Given the fact that over half of phones could have a fingerprint sensor by 2019, such a simple flaw raises serious security concerns over the technology.

Previous article Andy Hall Astenbeck Capital Q2 Letter: The Missing Barrels
Next article Daniel Goleman: How Leaders Build Trust
While studying economics, Brendan found himself comfortably falling down the rabbit hole of restaurant work, ultimately opening a consulting business and working as a private wine buyer. On a whim, he moved to China, and in his first week following a triumphant pub quiz victory, he found himself bleeding on the floor based on his arrogance. The same man who put him there offered him a job lecturing for the University of Wales in various sister universities throughout the Middle Kingdom. While primarily lecturing in descriptive and comparative statistics, Brendan simultaneously earned an Msc in Banking and International Finance from the University of Wales-Bangor. He's presently doing something he hates, respecting French people. Well, two, his wife and her mother in the lovely town of Antigua, Guatemala. <i>To contact Brendan or give him an exclusive, please contact him at [email protected]</i>

No posts to display