Security experts warn against using fingerprints as passwords
Zhang was part of a team that revealed that several Android smartphones from makers including Samsung and HTC featured vulnerabilities that could allow bad guys to steal users’ fingerprints.
HTC’s One Max device, for instance, saved fingerprint images without encryption, they said.
[...] the images could be read by any other app on the phone, potentially leaving them exposed if the user had installed another program with a security vulnerability, according to the researchers.
Both the HTC One Max and Samsung Galaxy S5 also left users’ fingerprints vulnerable, the researchers said, by not isolating the fingerprint censor tech from the rest of the phone’s operations.
While fingerprint scanners have become a popular way to avoid using a password or PIN, especially on mobile devices, the FireEye research highlights some of the potential pitfalls of the tech:
Similar general security concerns have been raised about the fingerprint scanners used in other devices, like laptops, or by set-ups at motor vehicle departments and airports, researchers say.