Wednesday 12 August 2015

HTC caught storing fingerprint data in unencrypted plain text

The HTC One Max

Security researchers have identified a way to access unencrypted fingerprint data on an HTC smartphone.
Four experts from security company FireEye found the HTC One Max stored fingerprint data in an image file that was simple to decode.
A growing number of smartphones use fingerprint recognition to unlock the device or authorise online purchases.
HTC did not respond to a request for comment but the BBC understands the flaw has now been fixed.
"Biometric data is personal, it's an image of my fingerprint," said Professor Angela Sasse from University College, London.
"It's not beyond the wit of an attacker to create a dummy finger, if they have the raw data. And if they steal my fingerprint, I can't change it."

"Good manufacturers should hire a specialist to do a penetration test on their phone before they release it," she said.
"I find it hard to believe they did a security test on this device. And if one fingerprint system is broken, it has a knock-on effect on consumer confidence."
Prof Sasse said storing a fingerprint in an unencrypted format was "like writing your password on a notepad".
