Fingerprint identification is safe.

Source: Internet
Author: User

Since the iphone 5s opened fingerprint recognition function, Android smart machines have followed, the major handset manufacturers even push their security performance. In reality, however, fingerprint technology does not save the safety of mobile phones.

It is reported that only one day after the IPhone 5s was released, Chaoscomputerclub, Europe's largest hacker group, announced that it had cracked the touch ID and recorded the operation in video.

On the other hand, Andro was spared. According to the introduction, the fingerprint identification core technology is trustzone. But at the MOSEC Mobile Security Technology Summit in June this year, 360 mobile security researcher Shendi described how to exploit the software vulnerabilities created by Android handset vendors when implementing chip-level security solutions Trustzone, executing arbitrary code in trusted zones, and Trustzone completely. Once the trustzone is completely compromised, the hacker can easily identify the data by fingerprint.

Trustzone is a hardware-security architecture that protects sensitive information from hardware and software to two areas of the normal area. The entire architecture system is designed to protect data in the security zone against a variety of specific threats that the device may be exposed to. Therefore, the security zone and the normal area from the hardware to the software are split, the general district Third-party programs can not access the security zone of sensitive data.

But in fact, it doesn't have much effect.

In the August 2014, nearly all Gaotong dragons were found to have trustzone high-risk vulnerabilities. These vulnerabilities can be exploited by hackers to compromise the system's protection and access to user privacy information. such as payment protection technology, digital rights management, self-contained device office and so on will be attacked high-risk target, not only that, hackers may even completely destroy the system security mechanism. In other words, attackers can not only obtain sensitive data in the security zone, but also directly into the--trustzone of high privilege scenes such as payment.

Fingerprint identification paired with Trustzone was once called the last line of defense for mobile security. At the MOSEC Mobile Security Technology Summit held in June this year, 360 security researcher Shendi first completed the kernel of the mobile phone's normal OS, and disabled the latest version seforandroid, and then exploited the security zone to circumvent many security features and obtain sensitive information such as fingerprints.

The brutal truth tells us that this last line of defense will also become shaky. But everyone also need not despair, Lei Feng Network news, the World Black Hat Congress Blackhat will be held in Las Vegas in August, when Shendi will introduce to the global hacker about the Android system Trustzone security attack and defense research results, and live demonstration from the sensor read fingerprint data attack utilization.

Note : More wonderful tutorials Please pay attention to the triple Interior Design tutorial column, triple interior decoration Group: 183015782 welcome you to join

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.