8/12/2015

HTC user fingerprint streaking random access



The so-called "House seemingly endless rain." On Monday, the market value of China Taiwan handset makers HTC plunged core assets become worthless. Recently, the company also came a safety scandals, it has not saved to the mobile phone users to make any high-definition fingerprint security, hackers can use to steal freely.

According to the US technology news site TheNextWeb reports, the security error is very serious, and even called the "bomb."

Last week, security company "fire eyes" (FireEye) discovered the flaw HTC phone and announced.

The company said this HTC One Max with the company's flagship phone, for example, HTC will save the user's fingerprint image as "/data/dbgraw.bmp" the image file, access to files is "external random access", which It means that all the external phone software, you can read, copy, theft this important fingerprint image.

User fingerprint image is not a normal file, it is extremely important to user privacy information, you need strict protection, such as the use of encryption security, and to avoid other hackers steal software.

Worse, the user every fingerprint brush, HTC phone will re-update the fingerprint image, mobile phone software and processes (running a program) so that a hacker can steal a continuous series of user fingerprint image.

According to reports, in accordance with the practice of the security industry, the company first FireCam this vulnerability tell the HTC company, followed by HTC's technical team has been modified. HTC phones currently in the hands of users, is still there this vulnerability is unknown.


In addition to the HTC company, FireCam Andrews also exposed a vulnerability in the system, that hacker software can bypass the system of protection, access fingerprint recognition hardware.

Andrews rival Apple iOS system, is how to protect the fingerprint data it?

According to reports, Apple is using the special security measures to protect the user's fingerprint image and information, not in the phone to save directly to the user's fingerprint image mode.

US media noted that the company broke from the burner fingerprint security vulnerabilities can be seen, although the smart phone users have more biological verification means to verify the identity of the owner, but the poor performance of manufacturers in protecting user identity information. Including fingerprints, iris, facial portrait and other personal information stored where, whether it has been security, this is a mystery.

It should be noted that, HTC company accident on fingerprint security vulnerabilities, there is a certain representation. The company despite criticism from some industry professionals and the media, blindly targeting high-end mobile phone market, the flagship mobile phone prices in more than 600 US dollars level. However, compared to Apple's competitors, HTC's software development capacity and capacity-building of Applied Ecology, and Apple is not an order of magnitude.

And other high-end mobile phone maker Samsung Electronics compared, HTC opponents do not have much powerful hardware and components development capabilities and its own supply chain, but also far do not have the Samsung strong marketing budgets and strength.

Some industry insiders said, HTC continues to stubbornly in the high-end market and Apple fight, Samsung, Nokia probably took no return.