Tuesday, November 5, 2024
HomeMobile AttacksNokia 9 PureView Fingerprint Sensor Is Fooled by Chewing Gum

Nokia 9 PureView Fingerprint Sensor Is Fooled by Chewing Gum

Published on

Malware protection

The brand new Nokia flagship with five camera modules looks pretty promising but has several significant weaknesses. Recently, it shocked the world with dangerous security flaw related to its onscreen fingerprint sensor that is tricked by non-registered patterns of other fingers and even various items such as coins or gloves.

Users noticed the first issue right after the launch. Then, Nokia’s scanner had too low sensitivity and didn’t recognize the owners’ fingerprints often.

HMD Global responded to this problem with a patch dated by 19 April. The update improved the scanner’s sensitivity and really helped people to interact with their smartphones. Too much.

- Advertisement - SIEM as a Service

As for now, the PureView has an extremely responsive sensor that recognizes not only fingerprints of owners but also other prints and material objects, e.g. chewing gum packs, coins, gloves, etc.

The problem was spotted by Twitter user Decoded Pixel. He posted a video where his Nokia 9 is unlocked with two different fingers and chewing gum

Why This Happened?

The most recent update for Android 9 Pie 4.22 includes the patch from HMD Global. Most likely, engineers didn’t improve the recognition algorithm but simply lowered the sensitivity threshold so PureView now accepts prints with a quite low original match. Phone owners mention that they can unlock the gadget with almost any touch, including random taps and fingers wrapped in cloth. Developers still didn’t react to multiple complaints.

As usual, people also joke about the issue. Reddit users mention that this is a new Nokia feature that will be available for extra money – the Gum ID. Still, we shouldn’t forget about the real danger of such flaws as frauds can easily get access to stolen phones due to identification errors. The next OTA update should fix the sensor so it’s better to disable this feature now and use traditional PIN codes or graphic patterns. As well, you can order dedicated software development Ukraine here to get extra security layers for your applications.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

ClickFix Exploits GMeet & Zoom Pages to Deliver Sophisticated Malware

A new tactic, "ClickFix," has emerged. It exploits fake Google Meet and Zoom pages...

APT36 Hackers Attacking Windows Deevices With ElizaRAT

APT36, a sophisticated threat actor, has been actively targeting Indian entities with advanced malware...

Hackers Using AV/EDR Bypass Tool From Cybercrime Forums To Bypass Endpoints

Researchers uncovered two previously unknown endpoints with older Cortex XDR agents that used to...

Hackers Created 100+ Fake Web Stores To Steal Millions Of Dollars From Customers

The Phish, 'n' Ships fraud operation leverages, compromised websites to redirect users to fake...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Hardcoded Creds in Popular Apps Put Millions of Android and iOS Users at Risk

Recent analysis has revealed a concerning trend in mobile app security: Many popular apps...

Research Unveils Eight Android And iOS That Leaks Users Sensitive Data

The eight Android and iOS apps fail to adequately protect user data, which transmits...

PostgreSQL Vulnerability Allows Hackers To Execute Arbitrary SQL Functions

A critical vulnerability identified as CVE-2024-7348 has been discovered in PostgreSQL, enabling attackers to...