Tom Olzak

Archive for the ‘Android Security’ Category

Android fingerprint security not so secure

In Access Controls, Android Security, Biometrics on July 10, 2015 at 13:40

Since the introduction of Apple’s Touch ID, I’ve warned readers and clients about the complacency possible with fingerprint recognition on smartphones.  At Black Hat USA next month, two different presentations demonstrate how to steal fingerprint images from a compromised Samsung Android phones.

In one instance, FireEye researchers Tao Wei and Yulong Zhang demonstrate how to steal fingerprint images from the phone.  No finger stealing required…

At most, fingerprint recognition on smartphones is a convenience for accessing confidential information (in a public, confidential, critical classification scheme).  It should never be used for critical data.

Android malware not yet a real problem, but…

In Android Security, Mobile Device Security on July 1, 2015 at 13:52

Malware targeting Android devices is growing, likely hitting 2 million instances by the end of 2015 according to the Verizon 2015 Data Breach Investigations Report.  And while the number of devices actually infected is small, the potential for large scale mobile attacks is not.  See by Toolbox blog about this here…

%d bloggers like this: