The vulnerability, discovered by Synopsys CyRC, has since been fixed. But given that it was out in the wild for a while, there’s a slim chance that some bad actors could have gained access to your bitmap fingerprint image.
Researchers at CyRC reverse engineered sections of a sensitive trustlet code, which allowed them to figure out how to gain user privileges and trigger actions that revealed the fingerprints.
In theory, these fingerprint details should be hidden in the secure Trusted Execution Environment (TEE) but CyRC found a way to invoke a series of actions in the Rich Execution Environment (REE) that granted access to the raw images.
Related: Best Android phones
As you can see, it’s a fairly complex process to gain access to this image, which involves a hefty amount of component…