It's bad enough when attackers obtain legitimate passwords -- so what about when they get their hands on fingerprint images? (It's almost like machines looking and feeling human.)
Unfortunately, that's precisely what FireEye researchers Yulong Zhang and Tao Wei will demonstrate in their session "Fingerprints on Mobile Devices: Abusing and Leaking."
The researchers have found severe issues with the Android's current fingerprint scanning framework. They will demonstrate an attack that hijacks a mobile payment authorization process protected by fingerprint authentication. And they will show a fingerprint sensor spying attack that allows them to harvest fingerprint images.
(Image: "Cylon Centurion," by ckroberts61, via Flickr. Creative Commons.)