I want to know if it is possible for an attacker to somehow get the fingerprint.

A hash of the fingerprint is stored in the TEE. No root / kernel control can get useful stuff from here. But what about the actual process when the device is compromised and the user puts his finger on the sensor? Is the OS able to actually see it?

Here is some stuff I already found:

https://source.android.com/security/authentication/fingerprint-hal
https://support.google.com/pixelphone/answer/6300638?hl=en

The actual question is if a compromised device can actually get hold of the fingerprint, or is the sensor directly connected to the TEE and only passes the info of a verified authentication? Or could the OS be manipulated in such a way that it can grab the fingerprint while on the sensor?

    Also, note that in Pixels, the fuzzy hashes are stored in the secure element, not the TEE.

    Realistically, your fingerprint can be retrieved in other ways.

      MetropleX yes I'm aware of this thread. But what do you want to point at exactly? Hardware attestation can't help against runtime compromise.

      Wonderfall yes, I know Pixels store it in the Titan M chip. This is why I ask what other possibilities are available to get the print.

      @Nuttso We as humans leave our fingerprints everywhere. They can be on your phone screen, but really - almost everywhere you touch.

      It's very unlikely an attacker would put much effort into extracting the fuzzy hashes from your phone (I say fuzzy because fuzzy matching is involved: your fingerprint doesn't stay the same from the moment you register it), let alone from a secure element.

      An attacker probably wouldn't even bother compromising an up-to-date Pixel to lure the user into sending them fingerprint data (which is another hard thing to pull off, since the sensor is directly connected to the secure element). It would take too many resources, and at this point, you have far worse things to worry about.

        Wonderfall, I'm specifically asking if the fingerprint could be obtained by a 'remote attacker'. Not a physically available device.

        You sure the sensor is connected directly with the HSM? (Source for this please)

          I'll mark this thread as solved then, don't hesitate to ask if you have further questions.