A report published by a team of security researchers from the Synopsys Cybersecurity Research Center (CyRC) reveals that a major security flaw found in the OnePlus 7 Pro smartphone was recently fixed by OnePlus after the CyRC team notified the company of it.
The report, published on the cybersecurity blog Security Boulevard, outlined the vulnerability which, if exploited, would allow an attacker access to the unencrypted bitmap fingerprint images of the hacked device — which are ‘readable’ versions of the biometric data, as opposed to encrypted templates — greatly compromising the user’s security.
More specifically, the flaw allowed the hacker privileged user access, commonly known as ‘root privileges’, in the Rich Execution Environment (REE), letting them communicate directly with the factory testing APIs and request and retrieve the unencrypted images from the fingerprint sensor.
The flaw was discovered by the research team in July of 2019, and was brought to the attention of OnePlus a few months later following further tests. The team worked with OnePlus on a fix, and an official patch, which updates the OS to build 10.0.3.GM21BA, was issued by OnePlus in January to address the problem.
This is unfortunately not the first time that the OnePlus 7 Pro’s fingerprint scanner has been the subject of negative publicity. Back in May of 2019, YouTube channel Max Tech discovered it was easily spoofed using materials commonly found around the house.
Source: Security Boulevard
April 15, 2020 – by Tony Bitzionis