Hackers have come up with ways of accessing phones that are locked with fingerprints, security researchers have warned. The hackers take copies of fingerprints used to unlock the phones and can even use the information to access other secure platforms.
Most of the latest smartphones in the African market have the fingerprint technology including Samsung, Apple, Huawei and HTC. The Samsung S6 and the iphone 6 come with the fingerprint technology already installed. Other users download fingerprint apps and install them.
Researchers say that any hacker who can acquire user-level access and run a program as a root, the lowest level of access on computers and smartphones, could collect fingerprint information from affected Android phones.
Samsung was “investigating” claims from security researchers that hackers can steal copies of fingerprints from the company’s 2014 flagship Galaxy S5 smartphone, as well as other Android devices, by exploiting a weakness in the operating system’s handling of biometric data.
Apple’s TouchID system, present on the iPhone 5s and iPhones 6, uses a similar trusted zone architecture, but no attacker has yet demonstrated the ability to lift fingerprints off the device using a software hack. The fingerprint sensor has, however, been shown to be vulnerable to spoofed fingerprints: a fake fingerprint, printed onto a laminated sheet and stuck to a real finger, can fool the fingerprint sensor.
In video posted to YouTube they showed how they could register an index finger on the phone and then, by covering the same hand’s middle finger with a piece of latex with the spoofed index finger print, access the phone in seconds.