Xianbo Wang, a Ph.D. student at the Chinese University of Hong Kong, today presented research he conducted along with associate professor Wing Cheong Lau, master s student Yikang Chen, Ph.D. candidate Shangcheng Shi, and Sangfor Technologies security expert Ronghai Yang.
In his Black Hat Europe talk, Wang explained how he was hunting for bugs in a mobile wallet app when he found a tactic to enable fingerprint-jacking, which is a user interface-based attack that targets fingerprints in Android apps. The term stems from clickjacking, he said, as this type of attack conceals a malicious application interface beneath a fake covering.