Image credit: android.gadgethacks.com
A group of researchers from Tencent Labs and Zhejiang University have discovered a way to bypass the fingerprint lock on Android smartphones using a brute-force attack, in which an attacker makes a large number of guesses at a password, code, or other security measure until one succeeds.
According to Bleeping Computer, the researchers also found that the biometric data travelling over the fingerprint sensors' Serial Peripheral Interface (SPI) was not adequately protected, making it possible for a man-in-the-middle (MITM) attack to steal the fingerprints.
Android phones typically have built-in protections against brute-force attacks, such as limiting the number of login attempts and employing liveness detection. However, the researchers were able to bypass these safeguards by exploiting two previously unknown vulnerabilities referred to as Cancel-After-Match-Fail (CAMF) and Match-After-Lock (MAL).
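The two flaws are named after logic gaps in the attempt-limiting safeguard. The following is an added example, not code from the article or from the BrutePrint researchers: a toy model of a fingerprint lockout counter with the flawed logic beside a hardened one. The mechanics are assumed from the flaw names alone (Cancel-After-Match-Fail: a cancelled attempt never reaches the failure counter; Match-After-Lock: the comparison still runs while the device is locked out); the attempt limit of 5 and the sample stream are constructed for illustration and do not reflect any vendor's implementation.

```python
"""Toy model of fingerprint lockout logic: flawed vs. hardened counter.

Added example, not the article's or the researchers' code. The flaw mechanics
are assumed from the names CAMF and MAL; all numbers are constructed.
"""

MAX_FAILED_ATTEMPTS = 5  # constructed limit; real devices set their own policy


class FlawedFingerprintAuth:
    """Counter updated only when a result is delivered; no lockout gate."""

    def __init__(self):
        self.failed = 0
        self.locked = False

    def attempt(self, sample_matches: bool, cancel_after_fail: bool) -> str:
        # Match-After-Lock style gap: no check of self.locked, so the
        # comparison runs and can succeed even while locked out.
        if sample_matches:
            self.failed = 0
            return "unlocked"
        if cancel_after_fail:
            # Cancel-After-Match-Fail style gap: the failed result is never
            # delivered, so the counter is never incremented.
            return "cancelled"
        self.failed += 1
        if self.failed >= MAX_FAILED_ATTEMPTS:
            self.locked = True
        return "denied"


class HardenedFingerprintAuth:
    """Counter committed with the comparison; lockout checked before matching."""

    def __init__(self):
        self.failed = 0
        self.locked = False

    def attempt(self, sample_matches: bool, cancel_after_fail: bool) -> str:
        if self.locked:
            return "locked_out"  # sensor output is not consulted at all
        if sample_matches:
            self.failed = 0
            return "unlocked"
        # The failure is recorded as part of the comparison, before any
        # result is handed back, so cancelling cannot erase it.
        self.failed += 1
        if self.failed >= MAX_FAILED_ATTEMPTS:
            self.locked = True
        return "cancelled" if cancel_after_fail else "denied"


def run_trial(auth, samples, cancel_after_fail=True):
    """Feed candidate samples (True = matches the enrolled print).

    Returns (list of outcomes, 1-based index of the unlocking attempt or None).
    """
    outcomes = []
    for i, sample in enumerate(samples, start=1):
        outcome = auth.attempt(sample, cancel_after_fail)
        outcomes.append(outcome)
        if outcome == "unlocked":
            return outcomes, i
    return outcomes, None


# Constructed stream: 20 non-matching candidates, then one that matches.
CONSTRUCTED_STREAM = [False] * 20 + [True]

if __name__ == "__main__":
    for cls in (FlawedFingerprintAuth, HardenedFingerprintAuth):
        outcomes, when = run_trial(cls(), CONSTRUCTED_STREAM)
        print(f"{cls.__name__}: unlocked at attempt {when}; "
              f"locked_out responses = {outcomes.count('locked_out')}")
```

Run stand-alone, the flawed model unlocks on the 21st candidate because every failed comparison was cancelled away, while the hardened model locks after the fifth failure and answers `locked_out` to everything that follows, including the matching sample. The design point is that the counter must be updated inside the same step that produces the comparison result, and that the lockout must be enforced before the sensor is consulted rather than after.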
The researchers tested their attack, named BrutePrint, on ten popular smartphone models. They were able to perform an unlimited number of fingerprint login attempts on Android and HarmonyOS (Huawei) phones. In contrast, iOS devices fared better, allowing only ten additional attempts on devices such as the iPhone SE and iPhone 7, which makes a brute-force attack significantly harder to carry out.
All Android devices were found to be vulnerable to the SPI MITM attack, but this method proved ineffective against iPhones.
The analysis revealed that the BrutePrint attack could successfully break into a device with only one registered fingerprint in a time span ranging from 2.9 to 13.9 hours. Devices with multiple fingerprints were easier to compromise, as the attacker had a higher chance of finding a match, reducing the success time to approximately 0.66 to 2.78 hours.
It’s important to note that executing this attack is not straightforward. It requires physical access to the targeted phone, a considerable amount of time, and access to a fingerprint database obtained through biometric data leaks or academic datasets. Some additional hardware is also needed, but it is relatively inexpensive, costing around $15. Given these requirements, the technique is most plausibly within reach of law enforcement or state-sponsored actors.