Now Reading
LG V10’s fingerprint security is not that secure
0

LG V10’s fingerprint security is not that secure

by Vyncent ChanFebruary 14, 2016

If you are one of the few people who actually splurged your hard-earned moolah on a LG V10, you definitely want to watch this video. The LG V10’s fingerprint security features a flaw that allows anyone to add a new fingerprint to your device.

ARVE Error: id and provider shortcodes attributes are mandatory for old shortcodes. It is recommended to switch to new shortcodes that need only url

Now, wait a second. Don’t you have to enter the PIN or a previously authorized fingerprint to save a new fingerprint profile? Yeah, but it is bypassed in this little bug.

To exploit this bug, the device must have Nova Launcher installed. Then a Nova Action Activity widget linking to “com.lge.fingerprintsettings” is to be added to the homescreen.

LG V10 fingerprint security exploit

After adding it to the homescreen, you just have to tap the widget to add a new fingerprint profile. No further security authorization needed.

LG V10 fingerprint security exploit 2

Of course this only works if the LG V10 in question hasn’t have all four fingerprint profiles occupied by the actual owner. Attempting to add a fifth profile will be futile.

To fix this bug before LG pushes out an official patch, all you have to do is to occupy all four fingerprint profiles and just avoid using Nova Launcher. The solution is simple but coming from LG which touts enterprise-class security, this bug is very worrying.

It seems Nova Launcher is not just limited to exploiting this bug but can also be used to unlock a “hidden menu” which offers more options to customize the LG V10’s second display.

ARVE Error: id and provider shortcodes attributes are mandatory for old shortcodes. It is recommended to switch to new shortcodes that need only url

Matt OnYourScreen is the one behind these videos so do check him out!

 

Pokdepinion: The LG V10 is a premium device and to see this kind of simple bug on it is kind of sad. However it seems that this bug was also previously found on Samsung device but no one actually publicized it. It is probably the OEMs’ fault for not securing the fingerprint feature on Android 5.1 Lollipop, as Lollipop does not offer native support for fingerprint security, thus any support for fingerprint security is added by the OEMs themselves.

What's your reaction?
TMM
0%
Me Gusta
0%
Potato
0%
Sad Reacc
0%
Angery
0%
About The Author
Vyncent Chan
Technology enthusiast, casual gamer, pharmacy student.

Leave a Response