A buggy update for Nokia 9 PureView handsets has apparently impacted the smartphone model's in-screen fingerprint scanner, which can now be bypassed using unregistered fingerprints or even with something as banale as a pack of gum.
The update was meant to improve the phone's in-screen fingerprint scanner module --so that users won't have to press their fingers too hard on the screen before the phone unlocks-- yet it had the exact opposite effect the company hoped for.
While initially, the reported issues appeared to be new, a video recorded by another user showed the same problem (unlocking phones with unregistered fingerprints) even before the v4.22 update, meaning that the update just made the unlocking bug worse than it already was.
This means that rolling back the faulty v4.22 firmware update, or waiting on v4.21, won't fix the fingerprint scanner problems, as even before this patch, the scanner appeared to have a pretty high false negatives rate, allowing strangers to bypass the phone's screenlock.
A Nokia representative has not returned a request for comment, most likely due to the Easter extended holiday. It is unclear how long would Nokia take to roll out a proper fix.
In the meantime, users are advised to switched to another mode of authentication, such as using facial recognition, a PIN code, or a password.
This incident isn't Nokia's first problematic firmware update either. Last month, Nokia accidentally shipped a firmware update to Nokia 7 Plus devices that collected users' data and sent it to a server located in China. At the time, Nokia said the data collection component was designed for the Chinese market (to comply with local data collection laws), and was accidentally included in the firmware version deployed to EU users.
More vulnerability reports:
- Mobile app used in Car2go fraud scheme to steal 100 vehicles
- Kaspersky: 70 percent of attacks now target Office vulnerabilities
- Internet Explorer zero-day lets hackers steal files from Windows PCs
- Shopify API flaw offered access to revenue data of thousands of stores
- Microsoft loses control over Windows Tiles subdomain
- KRACK attack: Here's how companies are responding CNET
- Top 10 app vulnerabilities: Unpatched plugins and extensions dominate TechRepublic