The Week of Big Android Security Flaws Continues ⇥ zdnet.com

Zack Whittaker at ZDNet:

New research, set to be announced at the Black Hat conference in Las Vegas on Wednesday, by FireEye researchers Tao Wei and Yulong Zhang outlined new ways to attack Android devices to extract user fingerprints.

The threat is for now confined mostly to Android devices that have fingerprint sensors, such as Samsung, Huawei, and HTC devices, which by volume remains low compared to iPhone shipments. But down the line by 2019, where it’s believed that at least half of all smartphone shipments will have a fingerprint sensor, the threat deepens.

Of the four attacks outlined by the researchers, one in particular — dubbed the “fingerprint sensor spying attack” — can “remotely harvest fingerprints in a large scale,” Zhang told ZDNet by email.

Shout out to Whittaker for the clarification that fingerprint extraction bugs are “confined mostly to Android devices that have fingerprint sensors”.