Malicious Apps Were Found to Scan Fingerprints Illegally

IoT developers keep finding new ways for users to authenticate themselves while using their devices and virtual services. This comes out of necessity because cyber attackers keep finding new ways to exploit the different authentication methods that are employed. Passwords continue to be used most regularly, simply because other technologies have not been developed fully, are not compatible with devices, or cannot offer users what they need. That being said, more and more devices and tools now allow users to authenticate themselves using their voice, face, retinas, and even fingerprints.

Without a doubt, identification via fingerprint scanning is nothing new. In fact, there is evidence that shows fingerprint analysis being employed as early as 500 BC. Of course, fingerprint scanning became common in our day-to-day life due to the technology that was created in the 20th century. Nowadays, fingerprint scanning is used as a form of authentication on many IoT devices. Unfortunately, hackers have found a way to exploit fingerprint scanning to steal personal information using fake apps.

Fake apps steal personal information from iOS users

If you own an iOS device, you need to be extremely cautious about fictitious and misleading apps that might have been set up to steal your personal information when you use the fingerprint scanning feature called Touch ID. According to ESET, some of these apps pose as fitness-tracking tools, and iOS users are tricked into downloading them – in many cases, from the Apple App Store – in the hopes of doing something good for themselves. Unfortunately, the opposite happens.

Two specific apps reviewed by researchers – Fitness Balance and Calories Tracker – were extremely pricey (up to €139.99), and the user would learn about the price only after they agreed to have their fingerprints scanned. Unfortunately, if a credit/debit card was linked to the Apple account, this fingerprint scanning would automatically validate the purchase. These two apps have been removed from the App Store, but it is impossible to say how many of them could still exist, or how many of them could be created in the future.

It is possible that the malicious apps could have recorded the scanned fingerprints too, and that is considered to be a form of personal data theft. This isn't the first recorded incident of hackers using fake fingerprint scanning apps. In fact, industry professionals and users were warned about this back in 2015, when Yulong Zhang demonstrated how hackers could use fingerprint scanners to perform illicit transactions. The researcher also showed how hackers could add their own fingerprints to a hacked device to gain access. He also found a way to perform fingerprint scanning even when the user did not know they were using a scanner. Three years later, more devices than ever have fingerprint sensors, which is why it is so important to understand the risks related to fingerprint scanning devices.

How to avoid malicious fingerprint scanning apps

Surely, you do not want to think about your virtual security and your financial security every time you touch your phone or any other device that uses fingerprint scanning technologies. It is now known that fake apps steal personal information not only by recording regular data (e.g., browsing data, passwords, usernames, pin codes, etc.), but by recording your fingerprints as well. If the malicious app manages to record your fingerprint, they might be able to perform illegal transactions from the connected credit and debit cards! So, if you want to avoid malicious fingerprint scanners, the first thing you need to do is learn how to spot them.

  • Whenever you download a new app, you have to be diligent about your research. Read reviews on third-party sources, and do not rely completely on the reviews available on the direct app's source. Of course, if the reviews and rating are terrible, you know that the app cannot be trusted. Unfortunately, ratings and reviews can be faked. The two fake fitness-tracking apps that we discussed in this report had very good ratings and reviews, which is why many users fell for the scam.
  • Read the description of the app. Familiarize yourself with the developer and their privacy policies. Do not ignore grammatical mistakes.
  • Be very cautious about the interface of the app too. Without a doubt, if an app requests you to scan your fingerprint, you should remove it immediately. And if you have been tricked already, check your balance to look for any suspicious transactions, and call your bank to find out what you can do to get your money back.
  • Do not skip the information regarding the permissions and privileges the app requests. If, for example, an app that is supposed to track your fitness also wants to connect to your camera or record your phone address book, it is quite possible that it was created by someone who is interested in more than just your fitness statistics.

You can learn more about malicious apps and how to identify them here.

What’s the alternative to fingerprint scanning?

If you are using a fingerprint scanner every day – for example, to log into your mobile device – you might be scared about the prospects. Yes, fingerprints are not invincible, and while it is a terrific alternative to other authentication methods, you might be looking for something else. Maybe it's worth looking into voice recognition? And maybe you go back to the good old passwords. If that is your choice, remember that password security is very important. Whether it's the passcode to your phone, the password to your online banking account, or the secret answer to a blocked profile, you need it to be strong and protected. Do you know how to feed two birds with one scone? Install a trusted password manager.

Cyclonis Password Manager is a tool that generates strong passwords for those who cannot come up with them themselves. It is also a tool that can safely store highly sensitive information, including passwords, credit card information, passport numbers, etc. It is a tool that can help you access private information from anywhere in the world using any device (given that the information is encrypted and stored on a cloud device). It is a tool that can help you take your virtual security to the next level for free.

By Foley
December 27, 2018
News
English
December 27, 2018
News

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

4 years ago

Microsoft Warns State-Backed Threat Actors Are Using AI in...

4 days ago

Trojan Al11 Malware Detection & Removal - An Essential...

11 months ago

Pinaview is a Fully-Featured Adware App

10 months ago

"Your iCloud is Being Hacked" and "Your iPhone has Been...

7 months ago

What is Lucky Ransomware?

7 months ago

Related Posts

Android Malware

24,000 Malicious Mobile Apps Are Blocked Every Day. What Are the Risks of Using One?

Did you know that information stealing mobile apps exist? Did you know that hundreds and thousands of malicious apps are blocked every day? Yes, apps that are meant to assist you and offer you great services can be... Read more

November 6, 2018
Malware

How to Avoid Malicious Chrome Extensions

Browser extensions can completely transform our online experience. They can do anything from blocking ads, to displaying inspirational quotes, to actually helping you be more productive. The more popular the browser,... Read more

June 27, 2018
How To

How to Checkup on Your Google Account's Security

Unless you live in a desert or some cabin in the woods with no internet access chances are good that your online life is heavily reliant on Google. Google Chrome is the most popular web browser on the planet, and... Read more

October 30, 2018
English
Loading...

Cyclonis Backup Details & Terms

The Free Basic Cyclonis Backup plan gives you 2 GB of cloud storage space with full functionality! No credit card required. Need more storage space? Purchase a larger Cyclonis Backup plan today! To learn more about our policies and pricing, see Terms of Service, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Backup Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Backup's Terms of Service Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2024 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.