Saturday, June 3, 2023

Android smartphones vulnerable to fingerprint brute force

Chinese researchers were able to brute-force a user’s fingerprint in 3 hours, bypassing all of the smartphone’s protections.

A research team from Tencent Labs and Jiangsu University has introduced a new attack method called “BrutePrint”, which brute-forces fingerprints on smartphones to bypass authentication and gain control of the device.

The researchers were able to overcome the defense mechanisms smartphones already have against brute-force attacks: the limit on the number of attempts and liveness detection. To do this, they used what they themselves describe as two zero-day vulnerabilities: Cancel-After-Match-Fail (CAMF) and Match-After-Lock (MAL).

BrutePrint attack scheme

The essence of BrutePrint is to send an unlimited number of fingerprint images to the target device until one of them matches the user’s fingerprint.

To launch a BrutePrint attack, an attacker needs to obtain:

  • physical access to the target device;
  • access to a fingerprint database that can be obtained from academic datasets or biometric data leaks;
  • necessary equipment, costing about $15.

Regarding software requirements:

  • BrutePrint exploits the CAMF vulnerability to disable a security system that logs failed unlock attempts. This provides the hacker with an infinite number of brute-force attempts;
  • The MAL vulnerability allows a hacker to enumerate fingerprints even if the device is locked after several failed login attempts;
  • The final component of the BrutePrint attack is the use of a “neural style transfer” system to transform all fingerprint images in the database so that they look like they were scanned by the device’s sensor. This makes the images valid and thus increases the chances of success.
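
To make the two weaknesses concrete, here is an added Python model of an attempt-limit policy sitting in front of a fingerprint matcher; it is illustrative code written for this article, not the researchers’ code or any vendor’s firmware. The weak variant does not count an attempt that is cancelled after the match fails (the CAMF case) and keeps answering while locked (the MAL case); the hardened variant counts every failed match and refuses to match at all once locked. The lockout threshold, the template ids and the sample database are constructed assumptions.

```python
from dataclasses import dataclass

MAX_FAILURES = 5  # assumed lockout threshold for this model; not a value from the article


@dataclass
class FingerprintAuth:
    """Minimal model of an attempt-limit policy in front of a fingerprint matcher."""
    enrolled: frozenset       # constructed template ids standing in for real templates
    hardened: bool            # False reproduces the two weaknesses the article describes
    failures: int = 0
    locked: bool = False

    def attempt(self, candidate, cancelled=False):
        """Return "match", "no-match" or "locked" for one probe image.

        `cancelled=True` models a probe that is aborted by a transport error
        after the matcher has already run (the Cancel-After-Match-Fail case).
        """
        if self.locked and self.hardened:
            return "locked"            # hardened: no matching at all while locked
        verdict = "match" if candidate in self.enrolled else "no-match"
        if self.locked:
            return verdict             # weak: matcher still answers while locked (MAL)
        if cancelled and not self.hardened:
            return verdict             # weak: a cancelled attempt is never counted (CAMF)
        if verdict == "no-match":      # hardened: every failed match counts, cancelled or not
            self.failures += 1
            if self.failures >= MAX_FAILURES:
                self.locked = True
        return verdict


def probe_many(auth, candidates, cancelled=False):
    """Feed each candidate to the policy and return the list of verdicts."""
    return [auth.attempt(c, cancelled) for c in candidates]


def verdicts_leaked(verdicts):
    """Number of probes for which the matcher's real answer reached the caller."""
    return sum(1 for v in verdicts if v != "locked")


# Constructed sample input: template 42 is enrolled, the "database" is ids 0..99.
ENROLLED = frozenset({42})
DATABASE = list(range(100))

if __name__ == "__main__":
    for hardened in (False, True):
        for cancelled in (False, True):
            vs = probe_many(FingerprintAuth(ENROLLED, hardened), DATABASE, cancelled)
            print(f"hardened={hardened} cancelled={cancelled}: "
                  f"{verdicts_leaked(vs)} verdicts leaked, match found: {'match' in vs}")
```

Under the weak policy every one of the 100 probes gets a real verdict and the enrolled template is eventually found; under the hardened policy only the first five probes are answered and the rest are refused.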

The researchers conducted experiments on 10 Android and iOS devices and found that all of them are affected by at least one vulnerability. On iOS, authentication security is much more robust.

As for the man-in-the-middle (MitM) attack on SPI, the fingerprint sensor interface, which allows an attacker to intercept images of the user’s fingerprint, all tested Android devices are affected by it, while the iPhone again proved more resistant. The researchers explain that the iPhone encrypts the fingerprint data on the SPI bus, so anything intercepted is of no value in the context of the attack.

Fingerprint Time

Experiments have shown that BrutePrint takes between 2.9 and 13.9 hours to complete successfully when a user enrolls one fingerprint. If multiple fingerprints are enrolled on the target device, enumeration time is reduced to 0.66 – 2.78 hours as the chance of creating matching images increases exponentially.

At first glance, BrutePrint may not seem like a very dangerous attack due to the need for long-term access to the target device. However, this attack is of great value to attackers and law enforcement.

A cybercriminal can unlock a stolen smartphone and extract valuable personal data, and in the case of the police, the attack raises questions about privacy rights and the ethics of using such techniques to bypass device security during investigations. The researchers also suggest software and hardware measures to address the vulnerabilities.
