Alex Hern reports:
Samsung is “investigating” claims from security researchers that hackers can steal copies of fingerprints from the company’s 2014 flagship Galaxy S5 smartphone, as well as other Android devices, by exploiting a weakness in the operating system’s handling of biometric data.
According to security firm FireEye, Android fails in its attempts to render fingerprint information inaccessible to most apps by sequestering it in a “secure zone” on the phone. The flaw is simple: rather than trying to break into the secure zone itself, the attackers simply focus on reading the data coming directly from the fingerprint sensor before it reaches the secure zone.
Read more on The Guardian.