New flaw in Xiaomi smartphones allows hackers to use the fingerprint scanner as a camera

The fingerprint scanner is one of the most common features on today’s smartphones, and it is becoming even more popular, exploit writing course specialists mentioned. Many users prefer it as an unlock method, since it avoids the need to remember a password or unlock pattern; however, many consider that there is still something to investigate about this technology.

Through a Reddit forum dedicated to the community of Xiaomi device users, a researcher shared an interesting finding about the fingerprint scanner on one of the company’s smartphones.

In the hidden settings of the popular Xiaomi Mi 9T, it is possible to find a function that displays the data captured by the scanner's microcamera; the researcher attached a video to prove his claims. The story was shared by the Gizchina website.

Although the exploit writing course experts who have analyzed the video posted by this user mention that the resolution of the image is very poor, the finding is completely legitimate. Moreover, researcher Mishaal Rahman believes this is a serious oversight of the Chinese manufacturer, as a threat actor could abuse this feature for malicious purposes. In addition, the expert believes that the failure resides in the firmware, ruling out the possibility that the weakness is in the hardware.  

Xiaomi has not commented on this publication, so it is not known if the company will release any updates to fix this problem; the Chinese company has been launching smartphones with biometric scanners for at least three years, although no similar flaws have been reported in other models. It should be remembered that the Chinese company specializes in the development of mid-range and low-end devices with remarkable performance compared to smartphones created by other companies, so its popularity has increased in multiple parts of the world.

Because Xiaomi is a Chinese company, the cybersecurity community in the West watches the flaws detected in its products with particular attention, as many Asian companies face prohibitions similar to those implemented against Huawei and ZTE, among others, as mentioned by experts of the exploit writing course.