Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Security Android Bug Cellphones Operating Systems Software Technology

Lock-Screen Bypass Bug Quietly Patched In Handsets (threatpost.com) 21

secwatcher shares a report from Threatpost: A design flaw affecting all in-display fingerprint sensors -- that left over a half-dozen cellphone models vulnerable to a trivial lock-screen bypass attack -- has been quietly patched. The flaw was tied to a bug in the popular in-display fingerprint reader technology used for user authentication. In-display fingerprint reader technology is widely considered an up-and-coming feature to be used in a number of flagship model phones introduced in 2019 by top OEM phone makers, according to Tencent's Xuanwu Lab which is credited for first identifying the flaw earlier this year. Impacted are all phones tested in the first half of 2018 that had in-display fingerprint sensors. That includes current models of Huawei Technologies' Porsche Design Mate RS and Mate 20 Pro model phones. Researchers said that many more cellphone manufacturers are impacted by the issue. The most popular phone in the U.S. that is impacted by this vulnerability is the OnePlus 6T. "[A]ll an attacker needs to carry out the attack is an opaque reflective material such as aluminum foil," reports Threatpost. "By placing the reflective material over a residual fingerprint on the phone's display the capacitance fingerprint imaging mechanism can be tricked into authenticating a fingerprint."
This discussion has been archived. No new comments can be posted.

Lock-Screen Bypass Bug Quietly Patched In Handsets

Comments Filter:
  • by mentil ( 1748130 ) on Saturday November 17, 2018 @05:17AM (#57660098)

    So you're telling me that the fingerprint reader can... read a fingerprint? Le gasp!
    Also, using aluminum foil to make electronics LESS secure? That's more heretical than using the Pythagorean formula to prove the existence of irrational numbers.

  • by Dan East ( 318230 ) on Saturday November 17, 2018 @08:32AM (#57660388) Journal

    That's a lot better than the interim workaround they sent out, which was to never eat sticky honey buns before unlocking your phone.

    I did think the fix of sending out cell phone cases with a wet wipe dispenser built into the back was clever. But then what do you do with the dirty wipes? That was starting cause litter problems.

    Another recommendation to lick off the touch sensor area of the screen regularly was highly effective, but it increased the chance of catching the flu by 37%.

  • “By placing the reflective material over a residual fingerprint [threatpost.com] on the phone’s display the capacitance fingerprint imaging mechanism can be tricked into authenticating a fingerprint.”

The truth of a proposition has nothing to do with its credibility. And vice versa.

Working...