HTC storing fingerprints in cleartext

Four FireEye researchers have found a way to steal fingerprints from Android phones packing biometric sensors such as the Samsung Galaxy S5 and the HTC One Max.

The team found a forehead-slapping flaw in HTC One Max in which fingerprints are stored as an image file (dbgraw.bmp) in an open “world readable” folder.

Awesome — can’t wait for the HTC support article on how to reset my fingerprints!

Source: HTC caught storing fingerprints AS WORLD-READABLE CLEARTEXT • The Register
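
A defender-side check for the class of flaw described above, added here as an example and not taken from the FireEye research or from HTC's code: it walks a directory tree and reports bitmap files that any local user can read. The function names and the sample tree are assumptions constructed for illustration; only the file name dbgraw.bmp comes from the article.

```python
import os
import stat
import tempfile

BMP_MAGIC = b"BM"  # first two bytes of every Windows bitmap file


def world_readable_bitmaps(root):
    """List BMP files under root that any local user ('other') can read.

    root itself is assumed reachable; below it, directories without o+x are
    pruned because 'other' cannot traverse them to reach the files inside.
    """
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames
                       if os.lstat(os.path.join(dirpath, d)).st_mode & stat.S_IXOTH]
        for name in filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if not stat.S_ISREG(mode) or not mode & stat.S_IROTH:
                continue
            with open(path, "rb") as fh:  # identify by content, not extension
                if fh.read(2) == BMP_MAGIC:
                    findings.append(path)
    return sorted(findings)


def build_sample():
    """Constructed sample tree: (dir, dir mode, file, file mode, content)."""
    root = tempfile.mkdtemp()
    layout = [
        ("exposed", 0o755, "dbgraw.bmp", 0o644, b"BM" + b"\x00" * 52),
        ("exposed", 0o755, "notes.txt", 0o644, b"not an image"),
        ("private", 0o755, "dbgraw.bmp", 0o600, b"BM" + b"\x00" * 52),
        ("locked", 0o700, "scan.bmp", 0o644, b"BM" + b"\x00" * 52),
    ]
    for dname, dmode, fname, fmode, data in layout:
        d = os.path.join(root, dname)
        os.makedirs(d, exist_ok=True)
        path = os.path.join(d, fname)
        with open(path, "wb") as fh:
            fh.write(data)
        os.chmod(path, fmode)  # explicit chmod so the umask cannot interfere
        os.chmod(d, dmode)
    return root


if __name__ == "__main__":
    for hit in world_readable_bitmaps(build_sample()):
        print("world-readable bitmap:", hit)
```

Only the bitmap in the traversable directory with the other-read bit set is reported; the owner-only copy and the file behind a 0700 directory are not.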