There are various tasks which are done through smart phones such as playing games and surfing the web and also deals with the private information and financial data. Therefore, there is a reliable mechanism which is required to verify the identity of a person who tries to use the device. However, in order to address these issues, fingerprint recognition is now being used for many smart phones.
Fingerprint recognition is used both for unlocking a smart phone and also for activating the other security which is very much critical functionalities in the smart phone. Therefore, it is very crucial to secure the fingerprint recognition service from possible threats such as intercepting a fingerprint image between an image sensor and a fingerprint recognition application and stealing the fingerprint data which is stored in a smart phone.
First attack is to enable a malicious application to acquire the fingerprint image of the owner of the victimized smart phone by accessing the memory space that the fingerprint recognition service application uses to temporarily store to the image. To be very much precise, when a client application requests the service application to do fingerprint authentication, the service application activates a component which deals with the image of a scanned fingerprint. This component has been designed so that it calls back an event handler in the client application with a particular reference to the memory location containing few images.
Second attack is to extract a stored template from the non volatile memory which helps in restoring fingerprint feature points by decoding the template. By identifying and analyzing the fingerprint service application on the target device, there are few identified location of the stored template. Discovering different templates are encrypted, in the same key and initial vector are hard-coded and are almost the same for all devices. It implies that a carefully forged template according to the file structure also may pass the authentication test.