HTC has suffered a lot recently. After its stock price took a dive several days ago, news has now broken that its fingerprint identification had no cryptographic protection, which made a bad situation worse.
The HTC One Max was launched two years ago and was one of the earliest smartphones equipped with a fingerprint reader. However, the security company FireEye Lab now says the HTC One Max stores fingerprint data directly as a high-resolution bitmap. This approach obviously has a severe security flaw.
According to FireEye Lab, the HTC One Max stores fingerprint information as /data/dbgraw.bmp with permission 0666 (world-readable). That is to say, any process or application can steal the user's fingerprint by reading the file.
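
A mode of 0666 on a sensitive file can be checked for mechanically. The following Python audit is an added example, not code from FireEye or HTC: it flags world-accessible files under a directory and marks those that start with the bitmap magic bytes. The temporary sample tree, the file name template.bin and all function names are constructed for illustration.

```python
import os
import stat
import tempfile

BMP_MAGIC = b"BM"  # first two bytes of every Windows bitmap file

def audit_file(path):
    """Return (octal mode, findings) for a regular file, or None if nothing to report."""
    st = os.lstat(path)
    if not stat.S_ISREG(st.st_mode):
        return None
    mode = stat.S_IMODE(st.st_mode)
    findings = []
    if mode & stat.S_IROTH:
        findings.append("world-readable")
    if mode & stat.S_IWOTH:
        findings.append("world-writable")
    if not findings:
        return None
    try:
        with open(path, "rb") as fh:
            if fh.read(2) == BMP_MAGIC:
                findings.append("bitmap image")
    except OSError:
        findings.append("unreadable by auditor")
    return format(mode, "04o"), findings

def audit_tree(root):
    """Walk root and map each flagged file (path relative to root) to its result."""
    flagged = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            result = audit_file(path)
            if result:
                flagged[os.path.relpath(path, root)] = result
    return flagged

def demo():
    """Constructed sample: one 0666 bitmap stub and one 0600 file in a temp directory."""
    with tempfile.TemporaryDirectory() as root:
        for name, mode in (("dbgraw.bmp", 0o666), ("template.bin", 0o600)):
            path = os.path.join(root, name)
            with open(path, "wb") as fh:
                fh.write(BMP_MAGIC + bytes(52))  # header stub, not a real scan
            os.chmod(path, mode)
        return audit_tree(root)

if __name__ == "__main__":
    for path, (mode, findings) in demo().items():
        print(path, mode, ", ".join(findings))
```

Only the 0666 file is reported; the same content with mode 0600 passes, which is the difference between a file any app can read and one restricted to its owner.
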
What's worse, the sensor of the HTC One Max updates it whenever users use the fingerprint identification function, so attackers can collect users' fingerprint scan images without any effort.
FireEye used these files to rebuild users' fingerprint scan images and succeeded in bypassing the phone's security system. Moreover, FireEye said the HTC One Max is not the only mobile phone with this security flaw, but they didn't name the others.
This security flaw matters a great deal to the vast number of smartphone users, because a fingerprint stays with us all our lives and we can't change it like a passcode. So if your fingerprint has been stolen by hackers, the breach will last for a lifetime.