New security flaw surrounds the Galaxy S5’s fingerprint scanner

Researchers claim to have discovered a serious flaw affecting the fingerprint scanners used on Android smartphones, such as the Samsung Galaxy S5.

FireEye’s Yulong Zhang and Tao Wei told Forbes that it’s possible for hackers to “easily” steal biometric data stored on a mobile before it’s been properly secured in the ‘trusted zone’.

They could then create copies of users’ fingerprints, and commit further attacks.

“If the attacker can break the kernel, although he cannot access the fingerprint data stored in the trusted zone, he can directly read the fingerprint sensor at any time,” said Zhang.

“Every time you touch the fingerprint sensor, the attacker can steal your fingerprint.

“You can get the data and from the data you can generate the image of your fingerprint. After that you can do whatever you want.”

Zhang and Wei said this issue could affect all fingerprint scanner-equipped Android handsets running Android 5.0 Lollipop and below, though attackers would require a high level of access to the targeted phone.

Chicken Widget

Samsung Galaxy S10 Pre-order Deals – Free Samsung Galaxy Buds

Samsung Galaxy S10 with free Samsung Galaxy Buds

Claim a free pair of Samsung Galaxy Buds worth £139 if you pre-order the Samsung Galaxy S10 before March 7th.

Samsung Galaxy S10 128GB Black – 60GB of data on EE with free Samsung Galaxy Buds

A great deal with nothing to pay upfront for the brand new Galaxy S10. This pre-order deal also includes the Samsung Galaxy Buds.

It’s a serious flaw, since an increasing number of smartphones, including the Samsung Galaxy S6 and Huawei Ascend Mate 7, allow consumers to authorise transactions using fingerprints.  

FireEye singled the Galaxy S5 out for deeper criticism, since attackers would simply need access to its memory in order to steal information.

“Samsung takes consumer privacy and data security very seriously,” the company reportedly responded. “We are currently investigating FireEye’s claims.”

Related: Android 5.0 Lollipop tips and tricks

Updating to Android 5.1.1 should remove the vulnerabilities, according to Zhang and Wei.