The fingerprint scanner is one of the most common implementations on today’s smartphones, and it is becoming even more popular, exploit writing course specialists mentioned. Users consider this to be the preferred method of users, as this avoids the need to remember a password or unlock pattern; however, many consider that there is still something to investigate about this technology.
In the hidden settings of the popular Xiaomi Mi 9T, it is possible to find a function to visualize the data captured by the scanner microcamera; the researcher attached a video to prove his claims. The story was shared by the Gizchina website.
Although the exploit writing course experts who have analyzed the video posted by this user mention that the resolution of the image is very poor, the finding is completely legitimate. Moreover, researcher Mishaal Rahman believes this is a serious oversight of the Chinese manufacturer, as a threat actor could abuse this feature for malicious purposes. In addition, the expert believes that the failure resides in the firmware, ruling out the possibility that the weakness is in the hardware.
Xiaomi has not commented on this publication, so it is not known if the company will release any updates to fix this problem; the Chinese company has been launching smartphones with biometric scanners for at least three years, although no similar flaws have been reported in other models. It should be remembered that the Chinese company specializes in the development of mid-range and low-end devices with remarkable performance compared to smartphones created by other companies, so its popularity has increased in multiple parts of the world.
As a Chinese company, the cybersecurity community in the West watches with particular attention the flaws detected in Xiaomi products, as many Asian companies face prohibitions similar to those implemented against Huawei, ZTE, among others, as mentioned by experts of the exploit writing course.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.