Gummy Bears can be used by hackers to make a counterfeit fingerprint to fool your scanner
In essence, a hacker could post a fake lock screen on a phone and while the phone owner thinks he is using his fingerprint to unlock the device, the hacker could really be stealing a copy of the user's fingerprint for future use. FireEye's Zhang says that every time the phone's owner touches the fingerprint sensor, his print can be stolen. A stolen print can be used to authorize a transaction requiring verification, making this a potentially expensive problem.
With more and more handsets employing a fingerprint scanner, this could turn into a major issue. Zhang and Wei are giving a talk on Friday at the RSA Security conference in San Francisco and have released in advance some of the slides that they will use for their presentation. As one of the slides points out, if your password falls into the wrong hands, a new one can be created. But if your fingerprint falls into the wrong hands (so to speak), that is a problem that can stay with you for the rest of your life.
The scary thing is that fingerprints can be taken from smooth surfaces like a glass or a touchscreen. Prints can even be extracted from a picture of a person waving his hand. Touch ID can be tricked into accepting counterfeit fingerprints made using Gummi Bears. Considering that Touch ID is an important part of verifying a user's identification when using Apple Pay, this vulnerability will need to be addressed by Apple as well as other companies offering a smartphone with a fingerprint scanner.
Consider a situation where you might think that you are merely swiping your finger on your phone's touchscreen in order to unlock it. In actuality, you might be authorizing the wire transfer of a large sum of money to an account that you are not familiar with. And instead of confusing users in order to get them to mistakenly approve a transaction, some hackers will embed false fingerprints into a user's account so that they can approve an illicit transaction over the unsuspecting victim's handset.
FireEye suggests that users stick to mobile device vendors that update often. Make sure that you update your phone every time an update is offered, and install apps from reliable sources. Lastly, if you are an enterprise or government user, seek out professional help to get protection from such hackers.
source: RSAConference via TheRegister