Security is uppermost in the minds of IT managers when considering whether to allow BYOD.
The recent slate of Android vulnerabilities uncovered by security researchers is certain to unnerve many IT folks.
The latest Android flaw
uncovered involves the fingerprint sensor on Android phones, which could
provide hackers the ability to steal the user's fingerprints.
FireEye researchers Yulong
Zhang and Tao Wei gave a presentation at the BlackHat security
conference last week in which they showed how an attacker could gain
access to not only the user's fingerprint but to anyone who scanned
their fingerprints using the compromised sensor.
And once the hackers steal the fingerprint, they can abuse it for the
rest of the victim's life.
Fingerprint sensors on mobile
devices are being used to secure everything from access to banking
accounts to corporate data.
So a compromised sensor could pose significant security risks for
organizations, particularly those that allow employees to bring their
own devices.
The researchers warned that
the flaw in the fingerprint sensor could enable attackers to "remotely
harvest fingerprints on a large scale," according to a paper they prepared based on their
work.
The FireEye researchers recommended that Android users "choose mobile
device vendors with timely patching/upgrading to the latest version
(e.g., Android Lollipop)…and install popular apps from reliable
sources."
No comments:
Post a Comment