The researchers stated that as of now only those smartphones which have fingerprint scanners are vulnerable. So as of now only premium category and flagship smartphones from likes of Samsung, Huawei, and HTC are vulnerable. The real fear is when the fingerprint scanner technology moves from premium segment to mid range and low budget smartphone segment which is assumed to happen in late 2018. Of the four attacks outlined by the researchers, one in particular — dubbed the “fingerprint sensor spying attack” — can “remotely harvest fingerprints in a large scale,” Zhang told ZDNet by email. The researchers confirmed that the exploit worked on HTC One Max and Samsung’s Galaxy S5, allows the hacker to stealthily acquire a fingerprint image from an affected device because device makers don’t fully lock down the sensor. ZDNet added that the sensor on some devices is only guarded by the “system” privilege instead of root, making it easier to target. Which meant that rooted Android smartphones were at greater risk. Scaringly once the hacker has gained entry via the attack, the fingerprint sensor can continue to quietly collect fingerprint data on anyone who uses the sensor and remotely send it back to the hacker, giving him unlimited harvest of fingerprints. Zhang and his partner have alerted the smartphone makers and the manufacturers have since patched their smartphones against this vulnerability. However the researchers have neither named the makers nor whether the patch has reached the end user. They also have not commented on which vendor is most vulnerable from the vulnerability. Regarding applying the same vulnerability to Apple’s iPhone, Zhang said it is quite secure. The iPhone which essentially pioneered the fingerprint scanner to unlock a smartphone, encrypts fingerprint data from the scanner. With biometrics exploding and being adapted for almost everything from gate access, passports, banking etc., the problem isn’t just limited to mobile devices.
