Fingerprint-Exposing Flaw in OnePlus 7 Phone Highlights TEE Issues
OnePlus 7 Pro devices made by China-based smartphone manufacturer OnePlus Technology were affected by a vulnerability that could have been exploited to obtain users' fingerprints.
Synopsys will release technical details at a later date, but a brief advisory made public on Tuesday reveals that the vulnerability could have been exploited by a malicious Android application with root privileges on the targeted OnePlus 7 Pro phone to obtain bitmap fingerprint images from the device's trusted execution environment (TEE), an area designed to keep sensitive data and code isolated and protected against unauthorized access.
Synopsys told SecurityWeek that an attacker could have exploited the vulnerability to recreate a user's full fingerprint, and then use it to make a fake fingerprint that would allow them to access the target's other devices that rely on biometric authentication.
"Of course, people's fingerprints don't usually change. As attackers become successful in retrieving and building large datasets of people's fingerprints, the usefulness of naïve fingerprint recognition in any application as a security control is permanently diminished," explained Travis Biehn, principal consultant at Synopsys.
It's unclear in the case of the OnePlus 7 Pro if the vulnerability existed in OnePlus code or third-party code.