• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Skip to footer
  • Our Services
  • Contact Us
  • Newsletter
  • Top Nav Social Icons

FindBiometrics

FindBiometrics

Global Identity Management

Aerendir banner
  • Biometrics
    • What are Biometrics?
    • FAQ
    • Biometric Associations
    • Companies
    • Premier Partners
  • News
    • Featured Articles
    • Interviews
    • Thought Leadership
    • Podcasts
    • Webinars
    • Year in Review
  • Applications
    • Biometric Security
    • Border Control and Airport Biometrics
    • Consumer and Residential Biometrics
    • Financial Biometrics
    • Fingerprint & Biometric Locks
    • Healthcare Biometrics
    • Justice and Law Enforcement Biometrics
    • Logical Access Control Biometrics
    • Mobile Biometrics
    • Other Biometric Applications
    • Physical Access Control Biometrics
    • Biometric Time and Attendance
  • Solutions
    • Behavioral Biometrics
    • Biometric Sensors and Detectors
    • Facial Recognition
    • Biometric Fingerprint Readers
    • Hand Readers & Finger Scanners
    • Iris Recognition
    • Biometric Middleware and Software
    • Multimodal Biometrics
    • Physiological Biometrics
    • Smart Cards
    • Vein Recognition
    • Voice and Speech Recognition
  • Stocks
  • Events
  • Directory
  • Podcasts

OnePlus 7 Pro Security Flaw Allowed Root Access to Biometric Images in TEE: Report

April 15, 2020

A report published by a team of security researchers from the Synopsys Cybersecurity Research Center (CyRC) reveals that a major security flaw found in the OnePlus 7 Pro smartphone was recently fixed by OnePlus after being notified of it by the CyRC team.

OnePlus 7 Pro Security Flaw Allowed Root Access to Biometric Images in TEE: Report

The report, published on the cybersecurity blog Security Boulevard, outlined the vulnerability which, if exploited, would allow an attacker access to the unencrypted bitmap fingerprint images of the hacked device — which are ‘readable’ versions of the biometric data, as opposed to encrypted templates — greatly compromising the user’s security.

More specifically, the flaw allowed the hacker privileged user access — commonly known as ‘root privileges’ — in the Trusted Execution Environment (REE) allowing them to communicate directly with the factory testing APIs, and request and retrieve the unencrypted images from the fingerprint sensor.

The flaw was discovered by the research team in July of 2019, and was brought to the attention of OnePlus a few months later following further tests. The team worked with OnePlus on a fix and an official patch — updating the OS to build 10.0.3.GM21BA — that was issued by OnePlus in January to address the problem.

This is unfortunately not the first time that the OnePlus 7 Pro’s fingerprint scanner has been the subject of negative publicity. Back in May of 2019, YouTube channel Max Tech discovered it was easily spoofed using materials commonly found around the house.

Source: Security Boulevard

–

April 15, 2020 – by Tony Bitzionis

Related News

  • FPC Details Benefits of Fingerprint Sensors in PCsFPC Details Benefits of Fingerprint Sensors in PCs
  • Suprema ID’s Latest Ultra-Thin Scanner Enhances Security on Chameleon DevicesSuprema ID’s Latest Ultra-Thin Scanner Enhances Security on Chameleon Devices
  • FPC CEO Looks at Biometric Trends and What Lies AheadFPC CEO Looks at Biometric Trends and What Lies Ahead
  • NEXT Biometrics Tech to Secure Crypto WalletNEXT Biometrics Tech to Secure Crypto Wallet
  • Fingerprint Cards Debunks Biometric Spoofing MythsFingerprint Cards Debunks Biometric Spoofing Myths
  • #AbsoluteEverything edge+ Smartphone Features Goodix In-display Fingerprint Biometrics#AbsoluteEverything edge+ Smartphone Features Goodix In-display Fingerprint Biometrics

Filed Under: Features, News Tagged With: Biometric, biometric authentication, biometrics, encryption, fingerprint biometrics, fingerprint recognition, fingerprint sensors, hack attacks, security breaches, software patches, spoofing

Primary Sidebar

Iris ID

Register For Our Upcoming Event:

Aware Visitor Management

Sponsored Links

AU10TIX, an identity management company headquartered in Israel, provides critical, modular solutions to link physical and digital identities so that companies and their customers can confidently connect.

CMITech is a leading provider of high performance, cost effective iris recognition systems. The company is setting the industry standard for advanced user interfaces that are fast, intuitive and effortless. Serving enrollment and authentication solutions of all sizes, CMITech systems include binoculars-type, wall mount, desktop, and kiosk-type product configurations.

Onfido is building the new identity standard for the internet.Our AI-based technology assesses whether a user’s government-issued ID is genuine or fraudulent, and then compares it against their facial biometrics. That’s how we give companies like Revolut, Zipcar and Bitstamp the assurance they need to onboard customers remotely and securely. Our mission is to create a more open world, where identity is the key to access.. For more information, please visit
www.onfido.com
TECH5 is an international technology company headquartered in Geneva, Switzerland, with branches in the US, Europe and Asia, dedicated to the design, development, and distribution of biometrics-driven Identity Management solutions. Target markets include Government and Private sectors with products powering Civil ID, Digital ID, eKYC, Digital Onboarding, Visitor Management and others. Learn more:
www.tech5.ai
ThreatMark brings trust to the digital world by providing cutting-edge fraud prevention solutions. Major banks use ThreatMark's AI-powered technology and behavioral biometrics to build secured banking experience to precisely verify their legitimate users, seamlessly across all digital channels. All while securing the users' most precious assets and keeping the fraudsters away. Learn more:
www.threatmark.com/
Aware Visitor Management
MobileIDWorld

Mobile ID World is here to bring you the latest in mobile authentication solutions and application providers. Our company is dedicated to providing users with the best content and cutting edge information on technology, news, and mobile solutions for your mobile identity management needs.

IDEMIA big box

Recent Posts

  • EFF Objects to Un-Warranted Police DNA Searches
  • NYPD Gets Caught Lying About Rampant Use of Clearview AI
  • Secure Identity Alliance Encourages Use of Biometric Screening Tech at International Borders
  • BIO-key Unveils Trio of New Fingerprint Scanners
  • CBP Brings Biometric Screening to Eagle Pass, Del Rio Border Crossings

Biometric Associations

IBIA and fido
Thales digital ID

Tweets

Footer

  • About Us
  • Company Directory
  • Advertise With Us
  • Contact Us
  • Privacy Policy
  • Terms of Use
  • Archives

Follow Us

Copyright © 2021 FindBiometrics