HTC vulnerable to fingerprint stealing, stores fingerprint image files in unencrypted folderHTC fixed the bug
In a white paper released by FireEye researchers(PDF), the group mentioned how easy it was to recover the image files from an HTC One Max phone. The fingerprints were stored in an image file named dbgraw.bmp in an open, readable and unencrypted folder. This means anyone that gains access to these files is capable of editing the fingerprints, deleting them and even forcing fake fingerprint scans.
The FireEye team also added “Any unprivileged processes or apps can steal a user’s fingerprints by reading this file.” This means the image would get updated every time in that world readable folder, every time the fingerprint sensor would be swiped to unlock the device. As a result, a malicious process could steal multiple images without detection.
HTC fixed the bug
The bug was fixed by HTC after FireEye notified the company of how dangerous it was. Talking about other security faults in Android, the researchers said that even if the protection of fingerprint data in a so-called “TrustZone” is indeed trustworthy, it only means that the fingerprints previously registered on the devices are secured. The research was presented at the BlackHat conference in Las Vegas last week by Yulong Zhang, Zhaofeng Chen, Hui Xue, and Tao Wei of FireEye Labs. Apple which pioneered the modern fingerprint sensor is “secure enclave”, as it encrypts fingerprint data from the scanner and never saves the actual image. Hence, it is impossible to retrieve a scan of the fingerprint. However, a group showed how by using a silicon representation of a stolen fingerprint they could successfully break into an iPhone. With the researchers predicting that fingerprint scanners will exist in about 50 percent of the phones sold in 2019, it is even more frightening to think of the lack of security on some devices with scanners. It is unfortunate that many of the phone manufacturers are not serious about the security of your biometrics and it is very difficult to find out what exactly are they doing with your fingerprint data or is it being kept safe.