Explore a critical Black Hat conference talk that delves into the security vulnerabilities of fingerprint authentication on mobile devices. Uncover the potential risks of fingerprint leakage, including confused authorization attacks, TrustZone design flaws, and pre-embedded fingerprint backdoors. Witness live demonstrations of hijacking mobile payments protected by fingerprints and collecting fingerprints from popular devices. Learn about the long-term consequences of compromised biometric data and gain valuable insights into securing fingerprint authentication systems. Discover key takeaways and receive expert suggestions for mobile vendors to enhance fingerprint security in this 39-minute presentation by Yulong Zhang and Tao Wei.
Fingerprints on Mobile Devices - Abusing and Leaking
Overview
Syllabus
Intro
Risks: Leaking Fingerprint Is A Disaster
System Attacks against Fingerprints?!
Authenticating
Confused Authorization Attack
FIDO Alliance's Specification
Fingerprint Image Format
Fingerprint Bitmap Recovery
Fingerprint Sensor Spying Attack
Fingerprint Settings
Fingerprint Backdoor
Key Takeaways
Suggestions to Mobile Vendors
Taught by
Black Hat
