Fingerprint readers have quickly become commonplace on our smartphones, and while they are touted as offering some of the best security, it seems that may not be true across the board. A group of researchers at FireEye have reported a flaw in certain Android phones like the Galaxy S5 that could allow hackers to steal fingerprint data. Now, before you start panicking and preparing to set your fingerprint-based phone on fire in the name of security, know that this can only take place in extremely limited situations, and as for Android itself, the loophole was already patched with the release of Lollipop.
This potential hack doesn’t gain access to Android’s secure storage area where a user’s fingerprint data is stored, but instead focuses on the scanner itself, stealing fingerprints as they’re being scanned by the device. Users wouldn’t even know, as the process runs silently in the background thanks to installed malware.
While FireEye says they’ve found this security flaw in several different Android phones, the Galaxy S5 was the only device that was named in their report. The good news is that if you’re running Android 5.0 or newer, which most affected devices are already shipping with, you’re safe. The other aspect that makes this potential situation very rare is that it requires the operating system’s kernel to have been “broken” by attackers.
Samsung has commented that they are looking into the report from FireEye, but in reality if a device hasn’t been rooted there’s almost no chance of the kernel being affected, and the malware can’t make it onto the phone if apps are only being downloaded from Google’s Play Store.