This was recently revealed by FireEye researchers Tao Wei and Yulong Zhang, who will be presenting their research at the upcoming Black Hat conference in Las Vegas. According to the duo, the lackluster fingerprint security seems to affect mainly Android devices that have fingerprint sensors.
Both researchers tested their method and confirmed it on devices such as the HTC One Max and the Samsung Galaxy S5. It would seem that this is possible because both OEMs did not fully lock down the sensor, thus granting hackers access to fingerprint information. Thankfully, the OEMs that were affected have since patched the issues after being notified by the researchers.
The researchers also declined to play favorites in terms of saying which OEM had the best protection/security, but they did note that Apple’s Touch ID is relatively secure because the system encrypts fingerprint data from the scanner itself. According to Zhang, “Even if the attacker can directly read the sensor, without obtaining the crypto key, [the attacker] still cannot get the fingerprint image.”