This Brute-force Fingerprint Attack Could Break Into Your Android Phone

[ad_1]

There is a way to “brute-force” fingerprints on Android devices and with physical access to the smartphone, and enough time, a hacker would be able to unlock the device, a report from cybersecurity researchers at Tencent Labs and Zhejiang Unversity has claimed.

As per the report, there are two zero-day vulnerabilities present in Android devices (as well as those powered by Apple’s iOS and Huawei’s HarmonyOS), called Cancel-After-Match-Fail (CAMF) and Match-After-Lock (MAL).

By abusing these flaws, the researchers managed to do two things: have Android allow an infinite number of fingerprint scanning attempts; and use databases found in academic datasets, biometric data leaks, and similar.

Cheap hardware

To pull the attacks off, the attackers needed a couple of things: physical access to an Android-powered smartphone, enough time, and $15 worth of hardware.

The researchers named the attack “BrutePrint”, and claim that for a device that only has one fingerprint set up, it would take between 2.9 and 13.9 hours to break into the endpoint. Devices with multiple fingerprint recordings are significantly easier to break into, they added, with the average time for “brute-printing” being between 0.66 hours and 2.78 hours.

The researchers ran the test on ten “popular smartphone models”, as well as a couple of iOS devices. We don’t know exactly which models were vulnerable, but they said that on Android and HarmonyOS devices, they managed to achieve infinite tries. For iOS devices, however, they only managed to get an extra ten attempts on iPhone SE and iPhone 7 models, which is not enough to successfully pull off the attack. Thus, the conclusion is that while iOS might be vulnerable to these flaws, the current method of breaking into the device via brute force won’t suffice.

While this type of attack might not be that attractive to the regular hacker, it could be used by state-sponsored actors and law enforcement agencies, the researchers concluded.

Via: BleepingComputer

[ad_2]
#bruteforce #fingerprint #attack #break #Android #phone

This brute-force fingerprint attack could break into your Android phone

Leave a Comment Cancel reply

Product Highlight

Recent Posts

SSC all exams, links is here

`Cops threatening our leaders`: Mamata Banerjee leads massive protest in Kolkata over post-poll violence

End of an era: Annamalai quits BJP; will he launch new nationalist movement?

CBSE revaluation portal under cyber siege, records 1.5 million attack attempts in 2 minutes

Opinion: Forgotten legacy of Pasi Kings – Kasmandi controversy as moment for historical justice

CBSE chairman and secretary transferred amid OSM controversy

DSC sports quota recruitment done transparently, says official

Purported audio of Zameer attempting ‘sabotage’ of bypolls goes viral

Brajesh Kumar Singh is MD & CEO of Canara Bank

Bengaluru police seize 100 vehicles, detain revellers during RCB victory celebrations

Traffic diversion for CM’s event leave commuters stranded in Tiruchi

Welcome

Categorys

Site Links