What if the fingerprint reader of your mobile was not as secure as you think? That is what these researchers have shown.
He fingerprint reader from your Android mobile it might not be as safe as you think. Or, at least, that is what a group of researchers specialized in computer security, by testing the fingerprint recognition sensors included in various smartphone models.
To do this, they have developed a small device whose value taking into account the materials used does not add up to more than 15 dollars. Thanks to him, they have achieved bypass fingerprint lock of the vast majority of Android devices tested on about 45 minutes.
The fingerprint readers of most Android phones are susceptible to brute force attacks
The device in question, as explained in ArsTechnicahas been baptized as “gross print” and basically it works testing hundreds of fingerprint combinations in the sensor stored in a database, until the correct one is found.
In all, they have been tested ten different smartphonesincluding the Xiaomi Mi 11 Ultra, vivo X60 Pro, OnePlus 7 Pro, OPPO Reno Ace, Samsung Galaxy S10 Plus, OnePlus 5T, HUAWEI Mate 30 Pro 5G, HUAWEI P40, Apple iPhone SE and Apple iPhone 7, all featuring different types of fingerprint reader (capacitive, optical or ultrasonic).
The results were not exactly encouraging: all Android devices could be “hacked” using “BritePrint”, and to achieve this the researchers only needed between 45 minutes and 14 hours. In the case of iPhones, it was not possible to bypass the lock by fingerprint using this method.
The researchers believe that There are several factors that can influence in the time it takes to discover the correct fingerprint to unlock a device, such as the number of fingerprints stored on the device. Regarding the models analyzed, the Samsung Galaxy S10+ it was one of the first devices to be “hacked”, taking only between 0.73 and 2.9 hours.
Since the iOS devices have an encryption system which encrypts the fingerprint data, failed to use BrutePrint to unlock iPhone with Face ID system. For this reason, they suggest that device manufacturers should work together with the companies in charge of developing this type of sensor to strengthen security measures and prevent attacks from spreading using techniques of this type.