Huge security flaw with fingerprint protection

Hi,

I used to protect the app by simply enabling fingerprint scan and thought this was safe.

However, after dropping my phone, the fingerprint sensor got disconnected from my phone’s motherboard and Monzo would simply open without any protections.

This means that if my phone gets stolen and the thief can access my Monzo app, he simply has to disconnect the sensor from my phone and can do whatever he wants with my account.

I would suggest forcing us to set a PIN code in case the sensor fails, or having us log in again.

What happens when you try and transfer some money?
Or view your long card number?

Does your phone default to pin/pattern on your lockscreen now or did it just stay unlocked?

2 Likes

I feel this is a phone software issue rather than a Monzo software issue. It looks like the phone automatically removes the sensor lock if it fails without falling back to a passcode, unlike an iPhone, which automatically falls back to a passcode if TouchID/FaceID fails.

2 Likes

Plus I suspect it will ask for the pin for authorisation now that the app thinks there is no fingerprint sensor.

OP, is the use fingerprint to unlock app still on in settings?

What make of phone?

Obviously it’s not an iPhone, which means it’s any phone that runs Android. But yes, would be good to know what actual phone it is.