Four FireEye researchers have found a way to steal fingerprints from Android phones packing biometric sensors such as the Samsung Galaxy S5 and the HTC One Max.
The team found a forehead-slapping flaw in HTC One Max in which fingerprints are stored as an image file (dbgraw.bmp) in an open “world readable” folder.
Awesome — can’t wait for the HTC support article on how to reset my fingerprints!
Source: HTC caught storing fingerprints AS WORLD-READABLE CLEARTEXT • The Register
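
The exposure described above comes down to file permission bits, so it can be audited for. The following is an added example, not code from the article or from the FireEye research: a Python check that reports files any local user can read, counting a file only when every directory on the way to it is also traversable by others. The function names and the sample tree are constructed for illustration; only the file name dbgraw.bmp comes from the article.

```python
import os
import stat
import tempfile

def world_readable_files(root):
    """List regular files under root that any local user can read.

    A file counts only if it has the other-read bit and every directory from
    root down to it has the other-execute (traverse) bit. Directories above
    root are not checked (assumption: root itself is reachable).
    """
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        if not os.lstat(dirpath).st_mode & stat.S_IXOTH:
            dirnames[:] = []  # others cannot traverse here: prune the subtree
            continue
        for name in filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISREG(mode) and mode & stat.S_IROTH:
                findings.append(os.path.relpath(path, root))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed layout; only the dbgraw.bmp name comes from the article."""
    layout = {
        "open/dbgraw.bmp": (0o755, 0o644),    # exposed: dir o+x, file o+r
        "open/template.dat": (0o755, 0o600),  # owner-only file in an open dir
        "closed/dbgraw.bmp": (0o700, 0o644),  # o+r file, parent not traversable
    }
    for rel, (dir_mode, file_mode) in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(b"constructed sample bytes")
        os.chmod(path, file_mode)
        os.chmod(os.path.dirname(path), dir_mode)
    os.chmod(root, 0o755)

def demo():
    """Build the sample tree in a temp dir and return the audit findings."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return world_readable_files(tmp)

if __name__ == "__main__":
    for rel in demo():
        print("world-readable:", rel)
```

Of the three sample files, only the one with both an open parent directory and the other-read bit is reported; the same image under an owner-only directory is not.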