Researchers from security firm FireEye claim that even though biometric information on the Galaxy S5 is stored in a secure enclave it is possible to grab that information before it reaches that protected area, thus allowing hackers to clone fingerprints for subsequent attacks. Researchers Tao Wei and Yulong Zhang from FireEye will talk about this at the RSA conference tomorrow, they've conducted this research on the Galaxy S5 as well as other Android devices with fingerprint sensors.
The researchers say that hackers don't even have to focus on breaking into the secure enclave where biometric data is stored, they simply need to collect data from the device's fingerprint sensor. According to them any hackers can do that provided they have user-level access and can run a program as root. They wouldn't need to go any deeper on the Galaxy S5, the malware used to perform this only requires system-level access. So in theory this would allow the hacker to directly read the fingerprint sensor at any time and once they have the data they can use it to generate an image of the fingerprint. Wei and Zhang said that after they discovered this they reached out to Samsung but haven't heard back yet. They did say that this vulnerability isn't resident on Android 5.0 or later versions so if you want to protect yourself against this threat, best update.
In a statement emailed to Forbes a spokesperson for Samsung said: “Samsung takes consumer privacy and data security very seriously. We are currently investigating FireEye’s claims.”
