Using the fingerprint scanner on your phone might be dangerous

Apr 23, 2015 11:44 GMT

The Samsung Galaxy S5 was the first device from the company’s S lineup to boast a fingerprint scanner, and people were pretty excited about it. But as it turns out, the fingerprint scanner inside Samsung’s previous flagship houses a very dangerous flaw.

Hopefully, you have never used the fingerprint scanner and continued to rely on the good old, traditional password when accessing your mobile device. Why?

The folks over at Forbes report that researchers at security firm FireEye have found a pretty serious security flaw hiding inside the Galaxy S5’s fingerprint scanner, which has the potential to allow hackers to copy your fingerprints and use them for their own malicious intents.

Fingerprint info on the Galaxy S5 available for the taking

Researchers discovered that if hackers managed to break the Android kernel, they would be able to read the fingerprint sensor information directly.

Basically, the malware only needs to gain system-level access to the Galaxy S5 in order to retrieve the confidential data.

The fingerprint coordinates are usually kept in a so-called “trusted zone” on the smartphone, but by using the technique outlined above, a hacker wouldn’t have to access this particular area at all and could still gain access to the private information.

So every time the user merely touches the fingerprint scanner, the attacker can have access to their fingerprint. And once the hacker accesses the data, they can use it to generate the fingerprint.

The vulnerability is characteristic of older versions of Android

The security researchers explain that the Galaxy S5 flaw lies in older versions of Android, up to and including Android 4.4.

So, users running Android 5.0 or above will not be subjected to the same risks. Luckily, Samsung has been rolling out the Android 5.0 update for its Galaxy S5 handset in several regions of the world, so if you haven’t upgraded your software yet, experts advise you to do so.

The researchers have yet to find out if the vulnerability affects other handsets with a built-in fingerprint scanner, but the problem is believed to be quite widespread.

Samsung has apparently been made aware of the issue and is currently investigating FireEye’s claims. In case their claims turn out to be true, the Korean tech giant will work on providing a patch to eliminate the vulnerability.