Written by Kelly Sheridan / Dark Reading
14th December 2020
Researchers explore fingerprint-jacking, a user interface-based attack that targets fingerprints scanned into Android apps.
Many modern smartphones have a fingerprint scanner to authorize device access and enable account login, payment authorization, and other operations. The scanner is meant for secure authentication, but researchers are finding new ways to manipulate it for malicious gain.
Xianbo Wang, a Ph.D. student at the Chinese University of Hong Kong, today presented research he conducted along with associate professor Wing Cheong Lau, master’s student Yikang Chen, Ph.D. candidate Shangcheng Shi, and Sangfor Technologies security expert Ronghai Yang.
In his Black Hat Europe talk, Wang explained how he was hunting for bugs in a mobile wallet app when he found a tactic to enable fingerprint-jacking, which is a user interface-based attack that targets fingerprints in Android apps. The term stems from clickjacking, he said, as this type of attack conceals a malicious application interface beneath a fake covering.