Researchers find that Android phones are prone to new fingerprint attack


What you need to know

  • Chinese researchers have found that Android phones are vulnerable to new attacks.
  • Dubbed the BrutePrint attack, it can unlock any Android phone that uses a fingerprint sensor for authentication.
  • It works by brute-forcing fingerprint images obtained by attackers to gain access to devices.

New research findings suggest Android phones are susceptible to fingerprint attacks (via BleepingComputer).

Dubbed BrutePrint, these attacks seem to bypass user authentication and take control of your Android device, per researchers from Tencent Labs and Zhejiang University.

Fingerprint authentication on Android phones generally comes with safeguards, namely limits on the number of attempts a user can make and liveness detection, to protect against brute-force attacks. The Chinese researchers, however, overcame these safeguards with two zero-day vulnerabilities dubbed Cancel-After-Match-Fail (CAMF) and Match-After-Lock (MAL).

[Figure: BrutePrint attack diagram. Image credit: arxiv.org via BleepingComputer]

Further, the researchers have found that “biometric data on the fingerprint sensors’ Serial Peripheral Interface (SPI) were inadequately protected, allowing for a man-in-the-middle (MITM) attack to hijack fingerprint images,” the BleepingComputer report states.




