• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Skip to footer
  • Our Services
  • Contact Us
  • Newsletter
  • Top Nav Social Icons

FindBiometrics

FindBiometrics

Global Identity Management

  • Biometrics
    • What are Biometrics?
    • FAQ
    • Biometric Associations
    • Companies
    • Premier Partners
  • News
    • Featured Articles
    • Interviews
    • Thought Leadership
    • Podcasts
    • Webinars
    • Year in Review
  • Applications
    • Biometric Security
    • Border Control and Airport Biometrics
    • Consumer and Residential Biometrics
    • Financial Biometrics
    • Fingerprint & Biometric Locks
    • Healthcare Biometrics
    • Justice and Law Enforcement Biometrics
    • Logical Access Control Biometrics
    • Mobile Biometrics
    • Other Biometric Applications
    • Physical Access Control Biometrics
    • Biometric Time and Attendance
  • Solutions
    • Behavioral Biometrics
    • Biometric Sensors and Detectors
    • Facial Recognition
    • Biometric Fingerprint Readers
    • Hand Readers & Finger Scanners
    • Iris Recognition
    • Biometric Middleware and Software
    • Multimodal Biometrics
    • Physiological Biometrics
    • Smart Cards
    • Vein Recognition
    • Voice and Speech Recognition
  • Stocks
  • Events
  • Companies
  • Podcasts

OnePlus 7 Pro Security Flaw Allowed Root Access to Biometric Images in TEE: Report

April 15, 2020

A report published by a team of security researchers from the Synopsys Cybersecurity Research Center (CyRC) reveals that a major security flaw found in the OnePlus 7 Pro smartphone was recently fixed by OnePlus after being notified of it by the CyRC team.

OnePlus 7 Pro Security Flaw Allowed Root Access to Biometric Images in TEE: Report

The report, published on the cybersecurity blog Security Boulevard, outlined the vulnerability which, if exploited, would allow an attacker access to the unencrypted bitmap fingerprint images of the hacked device — which are ‘readable’ versions of the biometric data, as opposed to encrypted templates — greatly compromising the user’s security.

More specifically, the flaw allowed the hacker privileged user access — commonly known as ‘root privileges’ — in the Trusted Execution Environment (REE) allowing them to communicate directly with the factory testing APIs, and request and retrieve the unencrypted images from the fingerprint sensor.

The flaw was discovered by the research team in July of 2019, and was brought to the attention of OnePlus a few months later following further tests. The team worked with OnePlus on a fix and an official patch — updating the OS to build 10.0.3.GM21BA — that was issued by OnePlus in January to address the problem.

This is unfortunately not the first time that the OnePlus 7 Pro’s fingerprint scanner has been the subject of negative publicity. Back in May of 2019, YouTube channel Max Tech discovered it was easily spoofed using materials commonly found around the house.

Source: Security Boulevard

–

April 15, 2020 – by Tony Bitzionis

Related News

  • Hacking Groups Claims to Have Samsung’s Biometric, Encryption, and Cryptographic DataHacking Groups Claims to Have Samsung’s Biometric, Encryption, and Cryptographic Data
  • IDEX Biometrics Partners With UK-based Card Issuer and ProcessorIDEX Biometrics Partners With UK-based Card Issuer and Processor
  • NEXT Biometrics’ $2.2M India Deal Is Now ‘Irrevocable’NEXT Biometrics’ $2.2M India Deal Is Now ‘Irrevocable’
  • Major Taiwan-based PC Maker Integrates FPC Biometric Sensors Into Two New LaptopsMajor Taiwan-based PC Maker Integrates FPC Biometric Sensors Into Two New Laptops
  • Realtime Leverages SecuGen Sensors for SAP SecurityRealtime Leverages SecuGen Sensors for SAP Security
  • Integrated Biometrics Makes Inc. 5000 Rankings for Sixth Consecutive YearIntegrated Biometrics Makes Inc. 5000 Rankings for Sixth Consecutive Year

Filed Under: Features, News Tagged With: Biometric, biometric authentication, biometrics, encryption, fingerprint biometrics, fingerprint recognition, fingerprint sensors, hack attacks, security breaches, software patches, spoofing

Primary Sidebar

Want To Deploy Biometric Access? Download This First:

The resources in this bundle will give you the know-how to choose the right biometric access for your organization.

Sponsored Links

facetec logo

FaceTec’s patented, industry-leading 3D Face Authentication software anchors digital identity, creating a chain of trust from user onboarding to ongoing authentication on all modern smart devices and webcams. FaceTec’s 3D FaceMaps™ make trusted, remote identity verification finally possible. As the only technology backed by a persistent spoof bounty program and NIST/iBeta Certified Liveness Detection, FaceTec is the global standard for Liveness and 3D Face Matching with millions of users on six continents in financial services, border security, transportation, blockchain, e-voting, social networks, online dating and more. www.facetec.com

TECH5 logo

TECH5 is an international technology company founded by experts from the biometrics industry, which focuses on developing disruptive biometric and digital ID solutions through the application of AI and Machine Learning technologies.

TECH5 target markets include both Government and Private sectors with products powering Civil ID, Digital ID, as well as authentication solutions that deliver identity assurance for various use cases. 

Learn more: www.tech5.ai

With its secunet border gears product portfolio and specialised consulting expertise, secunet supports police forces and security authorities in their sovereign tasks. Whether ABC gates, self-service kiosks or biometric middleware – each component helps to strengthen identity protection and to accelerate verification – in mobile and stationary scenarios.

Mobile ID World Logo

Mobile ID World is here to bring you the latest in mobile authentication solutions and application providers. Our company is dedicated to providing users with the best content and cutting edge information on technology, news, and mobile solutions for your mobile identity management needs.

Recent Posts

  • Highlighting Biometric Security, NC DMV Head Pushes for Mobile Driver’s License
  • NY Attorney General Takes Aim at Madison Square Garden: Identity News Digest
  • [New Sponsors Announced] Feb 15 Virtual Summit Sessions Announced: Digital ID in Healthcare, Financial Services, Travel
  • After 250% Revenue Spike, São Paulo Onboarding Startup Goes Global
  • In Pursuit of Digital ID: Identity News Digest

Biometric Associations

IBIA and fido

Tweets

Footer

  • About Us
  • Company Directory
  • Advertise With Us
  • Contact Us
  • Privacy Policy
  • Terms of Use
  • Archives
  • CCPA: Do not sell my personal info.

Follow Us

Copyright © 2023 FindBiometrics