Researchers from Tencent Labs and Zhejiang University presented a new attack called “BrutePrint” that brute-forces fingerprints on modern smartphones to bypass user authentication and take control of the device.
Attacks of this type rely on a lot of trial and error to crack a code, key or password and gain unauthorized access to accounts, systems or networks.
Chinese researchers have managed to bypass existing smartphone safeguards such as retry limits and detection that protect against brute-force attacks by exploiting what they claim are two zero-day vulnerabilities, namely Cancel-After-Match-Fail (CAMF) and Match-After-Lock (MAL).
Which Android devices are vulnerable to this type of attack
The authors of the technical paper published on Arxiv.org also found that the biometric data on the serial peripheral interface (SPI) of the fingerprint sensors was inadequately protected, allowing a man-in-the-middle attack (MITM) to hijack fingerprint images.
The BrutePrint and SPI MITM attacks were tested against ten popular smartphone models, performing unlimited attempts on all Android and HarmonyOS (Huawei) devices and an additional ten attempts on iOS devices.
The idea of BrutePrint is to perform an unlimited number of fingerprint image submissions to the target device until the user-defined fingerprint is matched.
The attacker needs physical access to the target device to launch a BrutePrint attack, access to a database of fingerprints that can be acquired from academic datasets or biometric data leaks, and the necessary equipment, which costs about $15.
The researchers ran experiments on ten Android and iOS devices and found that all were vulnerable to at least one flaw.
The tested Android devices allow infinite fingerprint attempts, so brute forcing the user’s fingerprint and unlocking the device is practically possible if you have enough time.
On iOS, however, authentication security is much more robust, effectively preventing brute force attacks.
Although researchers found iPhone SE and iPhone 7 vulnerable to CAMF, they could only increase the number of fingerprint tests to 15, which is not enough to brute force the owner’s fingerprint.
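The retry limit that the article says Android devices fail to enforce can be illustrated with a small state machine. The following is an added example written for this page, not code from the BrutePrint paper or from any phone vendor, and it does not reproduce the paper's exact mechanisms; the vulnerability names Cancel-After-Match-Fail and Match-After-Lock suggest two properties a defensive retry limit needs, and the example models both: an attempt is charged against the counter when a sample is submitted, before the match outcome is known, so cancelling a comparison part-way cannot avoid the charge; and no comparison runs at all while the device is locked out. The toy byte-equality matcher, the limit of 5 attempts, the 30-second lockout and the `FakeClock` are assumptions made for the demonstration.

```python
"""Illustrative retry-limit state machine for a fingerprint unlock path.

Added example, not code from the BrutePrint paper or any vendor. The matcher,
the attempt limit, the lockout duration and the fake clock are assumptions.
"""
from dataclasses import dataclass
from typing import Callable, List, Tuple
import time

MAX_ATTEMPTS = 5          # assumed limit of failed attempts per lockout window
LOCKOUT_SECONDS = 30.0    # assumed lockout duration


@dataclass
class FingerprintGate:
    enrolled: bytes                                 # constructed stand-in for a stored template
    clock: Callable[[], float] = time.monotonic     # injectable so the scenario is deterministic
    failures: int = 0                               # attempts charged since the last success
    locked_until: float = 0.0                       # clock value at which the lockout ends
    comparisons: int = 0                            # how many times the matcher actually ran

    def is_locked(self) -> bool:
        return self.clock() < self.locked_until

    def _compare(self, sample: bytes) -> bool:
        # Toy matcher: byte equality. Real matchers are fuzzy, but the
        # counter logic around them is what this example is about.
        self.comparisons += 1
        return sample == self.enrolled

    def submit(self, sample: bytes, cancel: bool = False) -> str:
        """Submit one sample; returns 'locked', 'cancelled', 'fail' or 'ok'."""
        if self.is_locked():
            return "locked"               # no matching at all while locked out
        # Charge the attempt up front, before any comparison, so that a
        # cancelled or interrupted attempt still counts as a failure.
        self.failures += 1
        if cancel:
            outcome = "cancelled"
        else:
            outcome = "ok" if self._compare(sample) else "fail"
        if outcome == "ok":
            self.failures = 0
            self.locked_until = 0.0
        elif self.failures >= MAX_ATTEMPTS:
            self.locked_until = self.clock() + LOCKOUT_SECONDS
        return outcome


class FakeClock:
    """Constructed clock so the scenario below runs the same way every time."""

    def __init__(self) -> None:
        self.t = 0.0

    def __call__(self) -> float:
        return self.t

    def advance(self, seconds: float) -> None:
        self.t += seconds


def run_scenario() -> Tuple[List[str], int]:
    """Four cancelled attempts, one real failure, one attempt while locked,
    one correct attempt after the lockout expires. Returns the outcome log
    and the number of times the matcher ran."""
    clock = FakeClock()
    gate = FingerprintGate(enrolled=b"template-user-1", clock=clock)
    log = []
    for i in range(4):
        # Cancelled attempts are charged even though nothing was compared.
        log.append(gate.submit(b"guess-%d" % i, cancel=True))
    log.append(gate.submit(b"guess-4"))             # fifth attempt: compared, fails, triggers lockout
    log.append(gate.submit(b"template-user-1"))     # correct sample, but refused while locked
    clock.advance(LOCKOUT_SECONDS)
    log.append(gate.submit(b"template-user-1"))     # accepted once the lockout has expired
    return log, gate.comparisons


if __name__ == "__main__":
    outcomes, runs = run_scenario()
    print(outcomes, "matcher ran", runs, "times")
```

The point to take from the scenario is that the matcher runs only twice across seven submissions: the four cancelled attempts never reach it yet still count toward the limit, and the attempt made during the lockout is refused before any comparison. A counter that is only incremented after a match result is reported, or a matcher that keeps running while the lockout flag is set, would give unlimited or near-unlimited attempts in exactly the way the article describes.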