Mobile security researchers have discovered a security flaw in Android that could enable attackers to intercept finger print data, which could be exploited to bypass the phone’s lock code or to authorize payments.
Though the affected phone makers have tried to segment and encrypt the information in a separate secure zone, the flaw enables an attacker to grab the biometric data before it reaches that “Trusted Zone” and even create copies of people’s fingerprints for further attacks.
The flaw exists within Android 5.0 Lollipop and is supposed to be solved by upgrading to Android 5.1.1. However, the usual Android fragmentation issue means that many users won’t have access to the newest version for quite a while.
Fingerprints and other forms of biometrics are becoming increasingly prevalent as potential alternatives to passwords. For now the question remains on whether OEMs and OS providers are doing enough protect users and raise trust in biometric authentication.