The firm says the phone kept all scanned fingerprints as unencrypted files that any app could read if it knew where to look.
HTC has fixed the bug, "in all regions," following the report. The One Max had been storing the fingerprint data as a specialized bitmap image file, but FireEye was able to easily reconstruct the images to have full scans of the print.
There were worries that other phones may have been affected, but FireEye only named the One Max. Samsung, for their part, says they have spoken with FireEye and reviewed their devices with fingerprint readers, which have all been cleared.
Written by: Andre Yoskowitz @ 11 Aug 2015 20:31