https://urgentcomm.com/wp-content/themes/ucm_child/assets/images/logo/footer-logo.png
  • Home
  • News
  • Multimedia
    • Back
    • Multimedia
    • Video
    • Podcasts
    • Galleries
  • Commentary
    • Back
    • Commentary
    • Urgent Matters
    • View From The Top
    • All Things IWCE
    • Legal Matters
  • Resources
    • Back
    • Resources
    • Events
    • Webinars
    • White Papers
    • Reprints & Reuse
  • IWCE
    • Back
    • IWCE
    • Conference
    • Special Events
    • Exhibitor Listings
    • Premier Partners
    • Floor Plan
    • Exhibiting Information
    • Register for IWCE
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Terms of Service
    • Privacy Statement
    • Cookies Policy
  • Related Sites
    • Back
    • American City & County
    • IWCE
    • Light Reading
    • IOT World Today
    • Mission Critical Technologies
    • Microwave/RF
    • T&D World
    • TU-Auto
  • In the field
    • Back
    • In the field
    • Broadband Push-to-X
    • Internet of Things
    • Project 25
    • Public-Safety Broadband/FirstNet
    • Virtual/Augmented Reality
    • Land Mobile Radio
    • Long Term Evolution (LTE)
    • Applications
    • Drones/Robots
    • IoT/Smart X
    • Software
    • Subscriber Devices
    • Video
  • Call Center/Command
    • Back
    • Call Center/Command
    • Artificial Intelligence
    • NG911
    • Alerting Systems
    • Analytics
    • Dispatch/Call-taking
    • Incident Command/Situational Awareness
    • Tracking, Monitoring & Control
  • Network Tech
    • Back
    • Network Tech
    • Interoperability
    • LMR 100
    • LMR 200
    • Backhaul
    • Deployables
    • Power
    • Tower & Site
    • Wireless Networks
    • Coverage/Interference
    • Security
    • System Design
    • System Installation
    • System Operation
    • Test & Measurement
  • Operations
    • Back
    • Operations
    • Critical Infrastructure
    • Enterprise
    • Federal Government/Military
    • Public Safety
    • State & Local Government
    • Training
  • Regulations
    • Back
    • Regulations
    • Narrowbanding
    • T-Band
    • Rebanding
    • TV White Spaces
    • None
    • Funding
    • Policy
    • Regional Coordination
    • Standards
  • Organizations
    • Back
    • Organizations
    • AASHTO
    • APCO
    • DHS
    • DMR Association
    • ETA
    • EWA
    • FCC
    • IWCE
    • NASEMSO
    • NATE
    • NXDN Forum
    • NENA
    • NIST/PSCR
    • NPSTC
    • NTIA/FirstNet
    • P25 TIG
    • TETRA + CCA
    • UTC
Urgent Communications
  • NEWSLETTER
  • Home
  • News
  • Multimedia
    • Back
    • Video
    • Podcasts
    • Galleries
  • Commentary
    • Back
    • All Things IWCE
    • Urgent Matters
    • View From The Top
    • Legal Matters
  • Resources
    • Back
    • Events
    • Webinars
    • White Papers
    • Reprints & Reuse
    • UC eZines
  • IWCE
    • Back
    • Conference
    • Special Events
    • Exhibitor Listings
    • Floor Plan
    • Exhibiting Information
    • Register for IWCE
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Terms of Service
    • Privacy Statement
    • Cookies Policy
  • Related Sites
    • Back
    • American City & County
    • IWCE
    • Light Reading
    • IOT World Today
    • Mission Critical Technologies
    • Microwave/RF
    • T&D World
    • TU-Auto
  • newsletter
  • In the field
    • Back
    • Internet of Things
    • Broadband Push-to-X
    • Project 25
    • Public-Safety Broadband/FirstNet
    • Virtual/Augmented Reality
    • Land Mobile Radio
    • Long Term Evolution (LTE)
    • Applications
    • Drones/Robots
    • IoT/Smart X
    • Software
    • Subscriber Devices
    • Video
  • Call Center/Command
    • Back
    • Artificial Intelligence
    • NG911
    • Alerting Systems
    • Analytics
    • Dispatch/Call-taking
    • Incident Command/Situational Awareness
    • Tracking, Monitoring & Control
  • Network Tech
    • Back
    • Cybersecurity
    • Interoperability
    • LMR 100
    • LMR 200
    • Backhaul
    • Deployables
    • Power
    • Tower & Site
    • Wireless Networks
    • Coverage/Interference
    • Security
    • System Design
    • System Installation
    • System Operation
    • Test & Measurement
  • Operations
    • Back
    • Critical Infrastructure
    • Enterprise
    • Federal Government/Military
    • Public Safety
    • State & Local Government
    • Training
  • Regulations
    • Back
    • Narrowbanding
    • T-Band
    • Rebanding
    • TV White Spaces
    • None
    • Funding
    • Policy
    • Regional Coordination
    • Standards
  • Organizations
    • Back
    • AASHTO
    • APCO
    • DHS
    • DMR Association
    • ETA
    • EWA
    • FCC
    • IWCE
    • NASEMSO
    • NATE
    • NXDN Forum
    • NENA
    • NIST/PSCR
    • NPSTC
    • NTIA/FirstNet
    • P25 TIG
    • TETRA + CCA
    • UTC
acc.com

Security


Partner content

‘Fingerprint-jacking’ attack technique manipulates Android UI

‘Fingerprint-jacking’ attack technique manipulates Android UI

  • Written by Kelly Sheridan / Dark Reading
  • 14th December 2020

Researchers explore fingerprint-jacking, a user interface-based attack that targets fingerprints scanned into Android apps.

Many modern smartphones have a fingerprint scanner to authorize device access and enable account login, payment authorization, and other operations. The scanner is meant for secure authentication, but researchers are finding new ways to manipulate it for malicious gain.

Xianbo Wang, a Ph.D. student at the Chinese University of Hong Kong, today presented research he conducted along with associate professor Wing Cheong Lau, master’s student Yikang Chen, Ph.D. candidate Shangcheng Shi, and Sangfor Technologies security expert Ronghai Yang.

In his Black Hat Europe talk, Wang explained how he was hunting for bugs in a mobile wallet app when he found a tactic to enable “fingerprint-jacking,” which is a user interface-based attack that targets fingerprints in Android apps. The term stems from clickjacking, he said, as this type of attack conceals a malicious application interface beneath a fake covering.

Wang kicked off his talk with a demo. On a device running Android 10, he opened the Magisk app, which can control the applications on a device that have root access. He then launched a simple diary application; while viewing, the interface of a lock screen appeared. A fingerprint was used to unlock the device and the user was directed back to the diary app. However, when the Magisk app was reopened, he showed the diary app now had root access on the device.

“Our observation, our motivation is that nowadays people use their fingerprints everywhere, especially on mobile devices, for different purposes,” Wang said. For example, fingerprints are used to open applications, authorize money transfers, and enable myriad other sensitive mobile processes.

“The target of this attack is to trick the user into authorizing some dangerous actions without noticing it,” he added. Researchers discovered five new attack techniques, all of which can be launched from zero-permission malicious Android apps. Some can bypass countermeasures introduced in Android 9, and one is effective against all apps that integrate with the fingerprint API.

To read the complete article, visit Dark Reading.

 

Tags: Alerting Systems Analytics Applications Critical Infrastructure Cybersecurity Enterprise Federal Government/Military Incident Command/Situational Awareness News Policy Public Safety Security Software Standards State & Local Government Subscriber Devices System Operation Test & Measurement Tracking, Monitoring & Control Partner content

Related


  • Newscan: Biden appoints Jessica Rosenworcel as acting FCC chair
    Newscan: Biden appoints Jessica Rosenworcel as acting FCC chair
    Web Roundup Items from other news organizations Biden appoints Jessica Rosenworcel as acting FCC chair FCC C-band auction’s first phase tops charts with $80.9 billion Judge refuses to reinstate Partler’s Amazon account FBI director says more than 200 suspects identified in U.S. Capitol riots Malwarebytes said it was hacked by the same group that breached […]
  • Professor calls for 5G moratorium over health fears; Omdia begs to differ
    t’s not what mobile network operators, suppliers and go-ahead governments want to hear. An essay by Professor John William Frank, published by the Journal of Epidemiology & Community Health, calls for a moratorium on further 5G rollout. Why? He wants further investigation into the next-gen tech’s “potentially harmful biological effects from radio frequency electromagnetic field […]
  • Jetting to the stars, using containers for development
    For an organization that sends rockets into space, stagnancy isn’t an option. Jetting to the stars requires technology, agility and a penchant for change. But much like for-profit environments, the U.S. Department of Defense struggles to move at the pace of business as it travels through the galaxy. It needs software development practices and platforms […]
  • T-Mobile US signs 5G deals with Ericsson and Nokia
    T-Mobile US signed new five-year, “multi-billion-dollar agreements” with both Ericsson and Nokia for the further expansion of its 5G network. The self-styled “uncarrier” has been working with the two European vendors on 5G for some time, also signing $3.5 billion agreements with each of them in 2018. T-Mobile said last year that it will use […]

Leave a comment Cancel reply

To leave a comment login with your Urgent Comms account:

Log in with your Urgent Comms account

Or alternatively provide your name, email address below:

Your email address will not be published. Required fields are marked *

Related Content

  • Biden relief plan includes $350 million for local and state government
  • Businesses struggle with cloud availability as attackers take aim
  • Newscan: San Diego Gas & Electric starts private LTE build using CBRS spectrum
  • Public safety needs a better way to triage emergency calls

Commentary


Public safety needs a better way to triage emergency calls

13th January 2021

In challenging year, working with public safety to move FirstNet forward

30th December 2020

Communications solutions must evolve quickly to meet needs of a changing world

31st October 2020
view all

Events


UC Ezines


IWCE 2019 Wrap Up

13th May 2019
view all

Twitter


UrgentComm

Become a Thought Leader at IWCE 2021! We are looking for dynamic speakers to present case studies and technical tal… twitter.com/i/web/status/1…

26th January 2021
UrgentComm

RT @IWCEexpo: 📆 Mark Your Calendars: IWCE will be returning to Las Vegas this September and registration is slated to open in April 📆 Wa…

15th January 2021
UrgentComm

RT @IWCEexpo: ⚡FLASH SALE: Don't miss this exclusive offer! Passes to #IBFVirtual are now 50% off with code TWITTER50. Take advantage of th…

6th November 2020
UrgentComm

Get ready for part 2 of "Ensuring Public Safety Emergency Communications" next week! @PCTEL_inc will explore… twitter.com/i/web/status/1…

3rd November 2020
UrgentComm

Over the past few months, we’ve seen the world transform, and it's clear that cities will be affected in the long-t… twitter.com/i/web/status/1…

27th October 2020
UrgentComm

Florida state & local agencies subscribing to the Statewide Law Enforcement Radio System (SLERS) will be able to co… twitter.com/i/web/status/1…

26th October 2020
UrgentComm

Tune in to @slacorp CEO Josh Lober as he explains how the company has fully integrated its #PTT application to work… twitter.com/i/web/status/1…

26th October 2020
UrgentComm

.@SierraWireless announced the commercial availability of the AirLink MG90 platform, which they tout as the first m… twitter.com/i/web/status/1…

26th October 2020

Newsletter

Sign up for UrgentComm’s newsletters to receive regular news and information updates about Communications and Technology.

Expert Commentary

Learn from experts about the latest technology in automation, machine-learning, big data and cybersecurity.

Business Media

Find the latest videos and media from the market leaders.

Media Kit and Advertising

Want to reach our digital and print audiences? Learn more here.

DISCOVER MORE FROM INFORMA TECH

  • American City & County
  • IWCE
  • Light Reading
  • IOT World Today
  • Mission Critical Technologies
  • Microwave/RF
  • T&D World
  • TU-Auto

WORKING WITH US

  • About Us
  • Contact Us
  • Events
  • Careers

FOLLOW Urgent Comms ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2021 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X