Biometric Hacking: The Fingerprint Database
2nd of September, 2015
The Android Vulnerability
From the Black Hat conference earlier this August, we learned of a new hack taking advantage of vulnerabilities in Android devices. Using this vulnerability, hackers could gain access to your fingerprints allowing them to collect and store the fingerprints of Android users around the world.
As reported on by ZDNet, Fireeye researchers Tao Wei and Yulong Zhang exposed the vulnerability in Samsung, HTC, and Huawei devices with fingerprint sensors. This hack was one of 4 released by the researchers coined the “Fingerprint Sensor Spying Attack” and highlighted to attendees and followers of the conference the serious security misstep taken by Android device manufacturers. According to the article, in some cases security protecting access to a user’s biometric information was merely set as a higher level of permissions.
When thinking about the use of fingerprint scanning, Android is usually not the first device that comes to mind. Apple’s newer versions of iPhones, all equipped with the fingerprint scanners, were not subject to this embarrassing security fumble. In fact, researcher Zhang noted that the iPhone fingerprints are quite secure. This is because unlike Android, fingerprint information is encrypted on iPhone.
The Future of Online Shopping
Wei and Zhang’s hack has implications in online shopping as well as the use of credit cards. Discussed in an article by TechCrunch, Mastercard will be launching a program to accept “selfies” as authentication to complete transactions. A biometric data breach would render the payment system’s security obsolete.
It seems surreal that securing the privacy of the uniquely identifying information engrained in your DNA is not taken more seriously. I can’t help but entertain the idea that we are moving towards the dystopian world portrayed in novels: a collection of people living under a omniscient database of everyone’s biometric information.
Biometric hacking was just one of the many connected device hacks put on display at this year’s Black Hat conference. With connected devices becoming more common in everyday life, it is important to take note of the security of our devices. Take a look at our previous article on car hacking also put on display this year at Black Hat.
About Ryan Jeethan
Ryan is a graduate of the University of Waterloo’s Arts & Business program focusing on UW’s unique Speech Communication program.