Researchers from Zhejiang University and Tencent Labs have found a serious vulnerability in fingerprint authentication, the classic biometric authentication of Android phones.
Called “BrutePrint”, this brute force attack allows cybercriminals to bypass biometric fingerprint authentication and take control of the phone.
Brute force attacks are known for their trial and error method, where multiple combinations are attempted to crack codes or passwords and gain unauthorized access to protected systems. In this case, Chinese researchers managed to bypass existing protections in modern smartphones, exploiting two zero-day vulnerabilities called “Cancel-After-Match-Fail” (CAMF) and “Match-After-Lock” (MAL).
Inadequate protection of biometric data stored on the Serial Peripheral Interface (SPI) of fingerprint sensors allows attackers to steal fingerprint images. Samples can also be easily obtained from academic data sets or biometric data leaks.
The researchers tested BrutePrint and MITM SPI attacks on ten popular smartphone models. The results showed that devices running Android and HarmonyOS (Huawei) were vulnerable to unlimited attempts, while on iOS ten additional attempts were allowed, showing that the iPhone is much more robust in terms of system security.
BrutePrint works by sending an unlimited number of fingerprint images to the smartphone until one matches the fingerprint registered by the user. However, this attack requires physical access to the device, as well as a database of fingerprints that can be obtained from leaks or academic data sets.
Unlike the traditional brute force method of cracking passwords, the BrutePrint attack takes advantage of a reference threshold used in fingerprint matches. Attackers can manipulate the False Acceptance Rate (FAR) to increase the acceptance threshold and thus more easily generate matches.
The Zhejiang University researchers said the “unprecedented threat” they discovered requires beefed-up operating system protections and greater cooperation between smartphone and fingerprint sensor manufacturers to address existing vulnerabilities.
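The attempt-limit bypass described above can be modelled from the defender's side. This added example (not code from the researchers or any vendor) contrasts a limiter that records a failure only after a no-match verdict with a fail-closed one; the class names, the `matcher` stand-in and the assumption that a cancelled attempt surfaces as an error before it is counted are illustrative.

```python
class AcquisitionError(Exception):
    """Attempt was cancelled (e.g. rejected frame) before a verdict was recorded."""

def matcher(sample, enrolled="alice-finger"):
    # Constructed stand-in for a real matcher; "corrupt" models a cancelled attempt.
    if sample == "corrupt":
        raise AcquisitionError(sample)
    return sample == enrolled

class NaiveLimiter:
    """Counts a failure only when a NO_MATCH verdict is reached."""
    def __init__(self, max_failures=5):
        self.max_failures, self.failures, self.matcher_calls = max_failures, 0, 0

    def locked(self):
        return self.failures >= self.max_failures

    def authenticate(self, sample):
        self.matcher_calls += 1          # matcher still runs while locked
        try:
            matched = matcher(sample)
        except AcquisitionError:
            return "ERROR"               # cancelled attempt is never charged
        if self.locked():
            return "LOCKED"
        if matched:
            self.failures = 0
            return "MATCH"
        self.failures += 1
        return "NO_MATCH"

class FailClosedLimiter(NaiveLimiter):
    """Charges the attempt before matching and never matches while locked."""
    def authenticate(self, sample):
        if self.locked():
            return "LOCKED"              # no matcher call, nothing to observe
        self.failures += 1               # charged up front, reset only on success
        self.matcher_calls += 1
        try:
            matched = matcher(sample)
        except AcquisitionError:
            return "ERROR"               # still counted against the limit
        if matched:
            self.failures = 0
            return "MATCH"
        return "NO_MATCH"

def matcher_calls_allowed(limiter, samples):
    """Feed samples to a limiter and return how many reached the matcher."""
    for s in samples:
        limiter.authenticate(s)
    return limiter.matcher_calls
```

With the fail-closed variant, the number of samples that ever reach the matcher is bounded by `max_failures`, whatever way an attempt ends.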