Security experts have discovered a major issue with Samsung’s fingerprint scanner. A flaw in the device makes it possible for hackers to take copies of owners fingerprints, which can then be used to steal personal data from the phone.
Digital security firm FireEye, discovered the problems recently and have said other Android devices that use fingerprint recognition could also be in danger of attack.
In reply to the claims Samsung have said: “We take consumer privacy and data security very seriously. We are currently investigating FireEye’s claims.”.
What makes this discovery more worrying is the increased use of fingerprints to pay for products using services such as PayPal.
Speaking to Forbes, FireEye’s Yulong Zhang said: “If the attacker can break the kernel [the core of the Android operating system], although he cannot access the fingerprint data stored in the trusted zone, he can directly read the fingerprint sensor at any time,”
“Every time you touch the fingerprint sensor, the attacker can steal your fingerprint. You can get the data and from the data you can generate the image of your fingerprint. After that you can do whatever you want.” Fingerprint scanners have become increasingly popular on many of the latest flagship phones.
Both Apple and Samsung use the technology, which allows easy access to the device without the need for a passcode. In 2013, a German group managed to bypass the fingerprint scanner on Apple’s iPhone 5s.
Hackers from the Chaos Computer Club took a picture of a person’s fingerprint left on a glass surface which they then used to unlock the iPhone.