A new OnePlus 7 biometric exploit to worry about

The fingerprint biometric component on Android OnePlus 7s is presenting another security headache for the phones’ makers.

An article from security news publisher Trusted Review reports that researchers discovered a fairly esoteric way to convince the Google Android model to give up fingerprints and get user privileges.

The exploit has been fixed, but it is not known how many, if any, fingerprints were snared before that happened.

Synopsys’ Cybersecurity Research Center, or CyRC, researchers found the problem. According to the Trusted Review story, they got access to raw images of fingerprints via the rich execution environment (REE) even though images should have been securely stowed in the trusted execution environment (TEE).

It was a complex process, which means that only determined and experienced hackers would have known to look for — much less succeeded — with it. Little solace, but still.

A year ago, a video was posted showing a much less sophisticated way of faking a fingerprint to access a OnePlus 7 Pro. Elmer’s glue and aluminum foil were employed to create a print capable of opening a phone as fast as does a legitimate fingerprint.

Article Topics

Android  |  biometric data  |  biometrics  |  cybersecurity  |  fingerprint readers  |  smartphones  |  trusted execution environment