Researchers from Tencent Labs and Zhejiang University have found a way to bypass the fingerprint readers in several popular Android smartphones. They published their results in a lengthy paper, and unfortunately reading it does not inspire optimism.
Fingerprint reader not so secure?
When biometrics came to smartphones, everyone breathed a sigh of relief. Using the fingerprint reader instead of typing a long code or drawing a pattern on the screen was much more convenient. The fingerprint reader is considered a very safe solution: it lets us confirm our identity and authorize, for example, card transactions in services such as Google Pay and Apple Pay. It also protects the phone's contents from unauthorized access, and it seemed to be quite effective. Every now and then we hear about cases where the police or the prosecutor's office cannot access the contents of a phone because they do not know the password.
It turns out, however, that the fingerprint reader can be bypassed, and with a rather simple brute-force method at that. In theory this type of attack should not be possible: any smartphone will lock the reader if you fail to scan your finger more than 5 times. Initially it blocks access for a few seconds or minutes, and then it extends this time. On some devices you can even set the number of incorrect readings after which the phone or tablet resets itself and erases all data. However, it turns out that the brute-force protection does not work perfectly on Android smartphones. The researchers named their method BrutePrint.
How does the BrutePrint attack work?
This is certainly not a simple attack, because it requires building a special device (cost ~ 15 USD) and access to a large database of fingerprints, but as the researchers show in their extensive study, it is certainly feasible. Bypassing the reader lock after 5 failed attempts is possible thanks to two vulnerabilities: Cancel-After-Match-Fail (CAMF) and Match-After-Lock (MAL). In the tested Android smartphones it works very effectively because the communication between the reader and the secure element is not encrypted. It also does not matter whether the reader is optical, ultrasonic or capacitive; every type can be fooled. It is much harder on the iPhone, which has proper encryption here: with the help of these vulnerabilities the researchers managed to raise the number of attempts from 5 to 15, but that is still not enough for a brute-force attack.
It should be remembered that fingerprint readers do not record our fingerprint exactly. What is kept in memory is only an approximate image, so by feeding the reader different fingerprints from hundreds or thousands of people, you can eventually come across one that is considered a match. According to the researchers' estimates, breaking the security takes from under 3 hours up to 14 hours, assuming only one fingerprint is enrolled. If more fingerprints are stored in memory, the attack takes much less time; in extreme cases the protection was broken in 40 minutes.
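To make the design lesson concrete, here is an added illustration (my own toy model, not code from the researchers or from any vendor's firmware) of why the order of operations in the lockout logic matters: a simulated reader that runs the matcher before deciding whether to count or refuse the attempt can be probed indefinitely, while one that charges the attempt first and refuses to match while locked stops after five tries. The false-acceptance arithmetic at the end, with its assumption that each enrolled template independently accepts a foreign sample, is mine as well.

```python
from dataclasses import dataclass
MAX_ATTEMPTS = 5  # failed attempts allowed before the reader locks

@dataclass
class Authenticator:
    """Toy authenticator (constructed model). count_before_match=False mimics the
    flawed ordering the article describes: matching runs even while locked
    (MAL-like) and a checksum-cancelled attempt is never counted (CAMF-like)."""
    count_before_match: bool
    failures: int = 0
    locked: bool = False
    matches_run: int = 0  # how often the matcher actually executed
    def _match(self, sample: str, template: str) -> bool:
        self.matches_run += 1
        return sample == template

    def authenticate(self, sample: str, template: str, checksum_ok: bool = True) -> str:
        if self.count_before_match:  # hardened ordering
            if self.locked:
                return "locked"  # nothing is matched while locked
            self.failures += 1  # charge the attempt before anything else happens
            ok = checksum_ok and self._match(sample, template)
            if ok:
                self.failures = 0
            elif self.failures >= MAX_ATTEMPTS:
                self.locked = True
            return "match" if ok else ("fail" if checksum_ok else "error")
        ok = self._match(sample, template)  # flawed: runs even when locked
        if not checksum_ok:
            return "error"  # flawed: cancelled before the counter moves
        if self.locked:
            return "locked"
        if ok:
            self.failures = 0
            return "match"
        self.failures += 1
        if self.failures >= MAX_ATTEMPTS:
            self.locked = True
        return "fail"

def probe(count_before_match: bool, n: int = 20) -> dict:
    """Feed n non-matching samples, each flagged with a bad checksum, and report."""
    auth = Authenticator(count_before_match)
    replies = [auth.authenticate("foreign", "enrolled", checksum_ok=False) for _ in range(n)]
    return {"matches_run": auth.matches_run, "failures": auth.failures,
            "locked": auth.locked, "locked_replies": replies.count("locked")}

def expected_trials(far: float, enrolled: int) -> float:
    # Assumes each enrolled template independently accepts a foreign sample w.p. far
    return 1 / (1 - (1 - far) ** enrolled)
```

With the flawed ordering the matcher runs for every one of the 20 probes and the failure counter never moves; with the hardened ordering the reader locks after 5 and never runs the matcher on a cancelled frame. The last function shows why enrolling more fingers shortens the attack: five templates at the same per-template false-accept rate cut the expected number of trials roughly fivefold.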
What to do, how to live?
The BrutePrint attack described above looks very plausible and is certainly possible to carry out. However, it must be remembered that the attacker needs a lot of time to perform it, so it is not a threat that is relevant to everyone. I can imagine it being used, for example, by law enforcement authorities to gain access to a phone. It is also impossible not to notice that fairly old phones were tested, the newest of them running Android 11, so we do not know whether newer models are already protected against such an attack, perhaps in the way Apple does it. Therefore I would rather not panic, but for peace of mind I have reduced the number of fingerprints stored in the phone's memory to one, or at most two.
Source: AntyWeb by antyweb.pl.