Darren Pauli reports on The Register website that security researchers have discovered that the HTC One Max phone stored user fingerprints as clear text in a “world readable” folder that could be accessed by other apps. The Samsung Galaxy S5 was also found to have similar vulnerabilities.
The revelation was made by researchers presenting at the Black Hat security conference in Las Vegas earlier this month. It was one of four situations in which biometric data on an Android phone could be accessed by hackers. In one scenario, they showed how attackers could have money transfers authenticated by getting a user to scan their fingerprints on a fake login screen to unlock the device.
A link to the original research paper can be found here.