Fire Eye a security research firm has revealed worrying news for owners of the Samsung Galaxy S5 and S6 phones. A flaw in the fingerprint scanner on both phones means it’s possible for hackers to steal any personal information stored on the phone and on the S5 hackers could get fingerprint data by accessing the phone’s memory.
These flaws have been discovered on Galaxy S5 and S6 phones running on Android versions lower than Lollipop also knows as Android 5.0, but if you are able to update to Android 5.0, your phone won’t be affected. These flaws have only being tested on Samsung Galaxy S5 & S6 phones but it’s possible that any Android device with a fingerprint scanner will also be affected as the flaw is in Android and not the phones.
According to Tao Wei and Yulong Zhang, two researchers from FireEye who uncovered the flaws, the phone makers affected have tried to segment and encrypt the information in a separate secure zone. However it’s possible to grab the biometric data before it reaches the safety offered in the protected area and create copies of people’s fingerprints for further attacks.
Zhang has also stated “If the attacker can break the kernel [the core of the Android operating system], although he cannot access the fingerprint data stored in the trusted zone, he can directly read the fingerprint sensor at any time. Every time you touch the fingerprint sensor, the attacker can steal your fingerprint. You can get the data and from the data you can generate the image of your fingerprint. After that you can do whatever you want.”
If you update to Android Lollipop you will be fine but it is worth nothing that as of April 2015, statistics issued by Google indicate that 5.4% of all Android devices accessing Google Play run Lollipop. Most devices that run on Android get their update from their phone carrier as their device is locked to the carrier and this is results in users getting months after they are released.