Android Users Warned Fingerprint and Credit Card Data at Risk

Android users are being warned that their fingerprint and credit card data is at risk after cybersecurity researchers found key issues in the device’s mobile operating systems.
Switzerland’s École Polytechnique Fédérale De Lausanne found more than 30 problems within Google’s mobile operating system, showing that Android users could be at significant risk.
“The main risk is that hackers can get a foothold in your system and gain lifelong access to your data as long as you have the same phone. Your phone is no longer secure,” cybersecurity researcher Mathias Payer, who is in charge of EPFL’s HexHive Laboratory, said in a statement.
The researchers found the security problems by throwing random inputs of code toward the software, identifying 34 bugs in all and 17 labeled as “critical.”
Due to these bugs, researchers warned Android users could easily have their fingerprint, face, credit card and Social Security information stolen by hackers.
The research report looked at over 35,000 phone applications and indicated iPhone users could face similar risks.
“We studied the Android system because of the open nature of its platform, but similar security flaws are likely present in the iPhone ecosystem as well,” Payer said. “We see much less public security research on iPhones due to Apple’s closed approach which forces researchers to first reverse engineer essential information that is publicly available on Android.”
The researchers alerted the affected vendors of their findings and gave them 90 days to make the fixes but ultimately published their findings.
For several years, attackers have been shifting their focus to more aggressively target mobile device users, said Michael Covington, the vice president of portfolio strategy for Apple device management company Jamf.
“Though recent work may specifically highlight Android device vulnerabilities, both of the major platforms are being targeted, and for good reason,” Covington told Newsweek. “As more and more data is generated on and accessed through smartphones, these mobile platforms have become the nerve center for both consumers and mobile-first organizations.”
Covington urged both Android and iPhone users to adopt a mobile security strategy with several layers of defense, but businesses need to implement key changes as well.
“Our research shows that 40 percent of mobile users are running a device with known vulnerabilities, so this is low-hanging fruit for security teams to focus on before there’s a breach,” Covington said.
“Building upon that base, it is imperative that mobile security also includes defensive capabilities to stop common attacks like malicious apps that circumvent app store protections, and phishing attacks that trick users into parting with sensitive credentials and data.”