Fingerprints on Mobile Devices - Abusing and Leaking
Offered By: Black Hat via YouTube
Course Description
Overview
Explore a critical Black Hat conference talk that delves into the security vulnerabilities of fingerprint authentication on mobile devices. Uncover the potential risks of fingerprint leakage, including confused authorization attacks, TrustZone design flaws, and pre-embedded fingerprint backdoors. Witness live demonstrations of hijacking mobile payments protected by fingerprints and collecting fingerprints from popular devices. Learn about the long-term consequences of compromised biometric data and gain valuable insights into securing fingerprint authentication systems. Discover key takeaways and receive expert suggestions for mobile vendors to enhance fingerprint security in this 39-minute presentation by Yulong Zhang and Tao Wei.
Syllabus
Intro
Risks: Leaking Fingerprint Is A Disaster
System Attacks against Fingerprints?!
Authenticating
Confused Authorization Attack
FIDO Alliance's Specification
Fingerprint Image Format
Fingerprint Bitmap Recovery
Fingerprint Sensor Spying Attack
Fingerprint Settings
Fingerprint Backdoor
Key Takeaways
Suggestions to Mobile Vendors
Taught by
Black Hat
Related Courses
Requirements Specifications: Goals and Conflict AnalysisUniversity of Colorado System via Coursera Threat and Vulnerability Management for CompTIA CySA+
Pluralsight Network Security Monitoring (NSM) with Security Onion
Pluralsight Security Event Triage: Operationalizing Security Analysis
Pluralsight Complete Guide to Elasticsearch
Udemy