You can change your fingerprint 10 times...
...plus another 10 if you remember to wear flip-flops and take them off when reading it!
Malware can snaffle fingerprints used to unlock Samsung Galaxy S5 smartphones thanks to a security blunder, researchers claim. The vulnerabilities, due to be discussed at the RSA security conference in San Francisco this week, may be present in non-Samsung Android mobiles, too. Today's smartphones recognize their owners' …
I use the fingerprint sensor in my S5 Mini. It is quick to unlock, one of my "fingers" is a sideways thumb swipe so I can do it one-handed, plus the weakness with PINs/passwords/patterns is the fact that you may be seen and if you are seen enough or unlock carelessly in front of others, your secret may not be so secret. I can unlock my phone with others watching, my thumb is unique to me and this crowd isn't going to know how to fake a fingerprint...
...having said that, the standard rules apply here as a case of "business as usual". Malware and bad software carelessly installed can do bad things. Well. Duh. That predates mobile phones. Hell, it predates mobile computing.
If somehow I do get malicious software that tries to auth purchases - well, good luck with that. Apple doesn't know my bank details. Google doesn't either. And I won't go within a hundred miles of eBay/PayPal with a real bank account, it's virtual credit cards all the way. My phone authorising payments? Not a desired feature. It's a little computer, not a credit card. Start to cross over realms like that, you KNOW who the small print in the contract stipulates will be burned. Hint - it's us. So...no thanks. "Fingerprint" for unlocking only. Nothing more.
I have always understood that these devices can merely detect identifiable patterns within your fingerprints and then stock/store/cache these patterns. They do not actually read your fingerprint, i.e. they would be incapable of reproducing your fingerprint.
I do agree though that they stock a pattern which can then be associated with a password. This pattern could then be used to identify purchases if the pattern could be injected into the identification process. Which is probably possible via a means of hooking and chaining similar to what could be done with interrupts as long as you have kernel level access.
If this is not the case please give me a link to a worthy site which proves the contrary i.e. that these devices could actually reconstruct a fingerprint. At which point my tail will move quickly between my legs and I will scamper away into the darkness...
I suppose the problem is that when you're running SVC mode (or some other priv mode), the world is your oyster, so to speak. If the fingerprint sensor is a hardware device that is connected to the processor, it is accessible. This is a hardware issue, not a software one.
I suppose a better solution (that might load some cost on to the SoC/design) would be to have a completely isolated bus on to which security-related hardware can be attached, which connects directly to the TrustZone part of the chip and has no interrelation whatsoever with anything the ARM can access or control, other than via TrustZone.
Compliments of Google apparently. It's a flaw in Android <= 5.0 - which explains why the S6 (Android 5.0.2) isn't afflicted. Samsung just had the misfortune to be using the fingerprint facility of a borked Android release in the S5.
The problem that "lopping a digit off" gives the attacker is that their crime is now an armed robbery + armed assault, which means the police will be really after you, and if you are caught you serve serious time. That kind of crime is really rare because the risk / reward ratio is just too bad.
They would have to do this multiple times, the fingerprint sensor only reads a little part of your thumb or finger at once. Which is why you have to spend a while configuring it with different bits of your finger to build up a 100% match to start with. So to ensure a full print that could be used elsewhere and not just your phone, they would have to trick you into using this fake app to scan your finger many times and still hope you don't use that same part of your finger/thumb every time.
No, that's not right.
In a good implementation, the sensor would be directly connected to the TrustZone, and the only thing that any software on the phone can detect is that a finger was detected or not detected.
It seems that software can detect what the fingerprint sensor is reading, send it to the TrustZone, and check that it is detected or not. If the software stores that reading of the fingerprint sensor, it can send it to the TrustZone whenever it wants in the future, and the TrustZone will accept it.
So an attacker cannot get your complete fingerprint, but they can get something that will be accepted as your fingerprint and use it. Which is enough for bad uses, for example if your banking software _on that phone_ is protected by your fingerprint.
I don't think I know a single person who actually makes an effort to keep their phone secure. The vast majority have a simple swipe to unlock; often a pattern but frequently just the basic "swipe left to unlock" thing. Even those that opt for something more secure rarely have anything more than a 4 digit PIN. And of course, any of these can be easily compromised in similar ways to fingerprint sensors, as well as much simpler ways such as looking at the pattern of grease marks on the screen. Most people aren't looking to lock down their phone from dedicated criminals with plenty of time on their hands, they're just trying to avoid accidentally calling anyone while it's in their pocket and stopping people posting random shit to Facebook when they leave their phone on the table.
Sure, fingerprint sensors are not perfectly secure, but at the very worst they're no less secure than any of the other methods the vast majority of people use to lock their phones. If you're looking to protect valuable company secrets then blindly assuming you're safe because of fingerprints would be a bad idea, but the constant cries that fingerprint sensors are a terrible idea and should all be binned just because they're not the perfect security solution are just silly. They're more than good enough for the use of the vast majority of users. In fact, the biggest problem is that they're actually too secure - if I'm driving and want someone else to mess with the satnav or music I can tell them what swipe pattern to use, but I can't give them my fingerprint.
Being that the fingerprint reader on my S5 rarely works anymore, even if some crim were able to scam my fingerprint, they most likely wouldn't have any better luck unlocking the phone than I have had.
In fact, it is so bad now that I don't even use it any more. Now use a long PIN.
After having it fail to read the registered fingerprint, one has to wait 30 seconds before trying it again. Only to have it fail again and resort to the backup PIN or password you have to include when registering a fingerprint.
Threats that can be thwarted by biometric products operated together with fallback/backup passwords can be thwarted more securely by passwords alone. We could be certain that biometrics would help for better security only when it is operated together with another factor by AND/Conjunction (we need to go through both of the two), not when operated with another factor by OR/Disjunction (we need only to go through either one of the two) as in the cases of Touch ID and many other biometric products on the market that require a backup/fallback password, which only increase the convenience by bringing down the security. You may be interested to have a quick look at a slide titled “PASSWORD-DEPENDENT PASSWORD-KILLER” shown at
http://www.slideshare.net/HitoshiKokumai/password-dependent-passwordkiller-46151802