Older Android versions had more vulnerabilities

Is Samsung’s Galaxy S5 ‘leaking’ YOUR fingerprints? Flaw means hackers can intercept and steal biometric data (Daily Mail); Forbes piece, here.

The pair told Thomas Fox-Brewster from Forbes that the flaw lies in older versions of the Android operating system, up to and including Android 4.4.

Subsequently, anyone running Android 5.0 or above is not at risk and the security experts are advising people on older models to update as soon as possible.

The semi-technical press seizes upon biometrics as a proxy for personal data. This is old news, but here’s a great example.

A close reading of the article reveals that earlier releases of Google’s version of the Android mobile OS weren’t as secure as they are now. This will come as news to few. The article points out that, “Once inside they can monitor all data sent to and from the phone, as well as data recorded by the handset’s built-in sensors, including the fingerprint scanner.”

Get it? Exploiting the security flaw means that the whole device is compromised: Email apps, microphone, location information, and possibly even the contents of phone calls themselves, but according to the author and editor(s), the news value is in the possibility of capturing a fingerprint image. Of course, it’s their outfit; it’s their call.

For readers here, instead of “OMG fingerprints[!],” I’d emphasize that:

Not all mobile operating systems are created equal.
Different mobile applications offer a different mix of privacy costs and benefits.
Installing OS updates and patches is very important.
If the OS is compromised, the applications it runs are vulnerable.

Left out of the information readily available online about this hack is how the people at FireEye got their malware onto the hardware in the first place. Past “hacks” of biometric systems have been executed on a playing field that is far more favorable to the hackers than the real world, where all the other layers of the security regime are stripped away from the one security link they want to test. Here’s a particularly striking example. If FireEye rooted the phone, side-loaded their malware onto the device, and went from there, this isn’t a hack in any real sense — it’s a malware test.

That hypothetical scenario would mimic a real world example where a user lost their phone and bad guys got it, loaded software on it and then returned the mobile device to the user who continued as if nothing had happened. In the security world, if you lose control of the hardware, all bets are off for anything that isn’t encrypted (with a strong key).

So, without more information, it’s hard to say how big a deal this is, or in many (most?) cases, was. In the bigger picture, this is a Google Android OS story. The subtext is that users who care about mobile device security should be thoughtful about what device/OS/app combinations they adopt, keep their device’s software up to date, and be careful about malware.

As automated and convenient security including biometrics becomes better and more common, the highway robbers of the 21st Century are increasingly forced to turn to social engineering techniques rather than frontal assaults on security technology.

See: The Con is Mightier than the Hack

Samsung to offer “touch-style” mobile fingerprint sensor

Samsung to ape Apple’s Touch ID with touch-style fingerprint sensor in ‘Galaxy S6’ – report (Apple Insider)

Samsung’s next flagship smartphone will ship with a Touch ID-like fingerprint sensor in place of the swipe-style sensor that the company employed on the underwhelming Galaxy S5, according to a new report.

Good move. The “swipe readers” can be a bit trickier to use.

No. Iris? Perhaps.

Does Samsung Have a Retina Scanning Smartphone Coming? (TechnoBuffalo)

The iris (left), which gives people “eye color,” controls how much light enters the eyeball. The retina (right) is the structure lying along the inside, back surface of the eyeball that translates light into nervous impulses for the optic nerve to send to the brain.

In a camera analogy, the iris would be, well, the iris, since cameras have them, too. The retina would be the film, or in an even better digital analogy, the charge-coupled device (CCD) that translates light into ones and zeros for computer chips.

Mobile iris technology is much more straightforward than mobile retina technology and is far more likely to be coming soon to a smartphone near you.

Samsung and biometrics extends PayPal’s point-of-sale reach

PayPal launches Galaxy S5 fingerprint-based payments in 25 countries (Android Authority)

“Customers can use their finger to pay with PayPal from their new Samsung Galaxy S5 because the FIDO Ready software on the device securely communicates between the fingerprint sensor on their device and PayPal’s service in the cloud. The only information the device shares with PayPal is a unique encrypted key that allows PayPal to verify the identity of the customer without having to store any biometric information on PayPal’s servers”

It’s official: GALAXY S5 has a fingerprint reader

Spain, February 24, 2014 – Samsung Electronics today announced the fifth generation of the Galaxy S series, the Galaxy S5, designed for what matters most to consumers. The new Galaxy S5 offers consumers a refined experience with innovation of essential features for day-to-day use.

Essential device protection
The Galaxy S5 is IP67 dust and water resistant. It also offers a Finger Scanner, providing a secure, biometric screen locking feature and a seamless and safe mobile payment experience to consumers. The Ultra Power Saving Mode turns the display to black and white, and shuts down all unnecessary features to minimize the battery consumption.

The device will be available globally through Samsung’s retail channels, e-commerce and carriers on April.

More information is available at the Samsung site here.

See also this video.

The fingerprint scanner comes in for a couple of mentions in the first half.

See also:

All is proceeding as we have foreseen

Windows Phone 8.1 with fingerprint support, UI customizations — A new WP 8.1 SDK leak points to fingerprint scanner support in the next OS update, which should put Windows Phone level with iOS and Android. (GSM Arena)

Samsung’s next flagship phone will feature a swipe fingerprint scanner embedded in the home button (uSwitch)

April 22, 2014: LG G3 specs leak points to integrated fingerprint scanner (Trusted Reviews)

The prediction to which this post’s title refers can be found here.