Don’t Touch Me That Way

SOURCE Boston 2016

Presented by: Jack Mannino
Date: Wednesday May 18, 2016
Time: 15:35 - 14:15
Location: Washington
Track: Application Security

One of the features we've become accustomed to on modern mobile devices is the fingerprint reader. Both iOS and Android provide access to the hardware fingerprint reader through APIs exposed to developers. The fingerprint APIs can be used correctly and incorrectly, with insecure coding resulting in authentication bypasses and information leakage. This talk will demonstrate how the APIs and underlying technologies work, how you can use them correctly and incorrectly, and how a malicious actor may attack the fingerprint APIs. The talk will include code, tools, and iOS and Android test applications as demos.

Jack Mannino

Jack is the CEO at nVisium and loves solving problems in the field of application security. With over 15 years of experience building, breaking, and securing software, he founded nVisium in 2009 to invent new and more efficient ways of protecting software. In his spare time, he loves to play with new frameworks and technologies, especially things that run Android and code written in Scala. He’s also an optimistic New York Mets fan, although that optimism slowly fades away every summer (but hopefully not this year).

