Android Smartphones Are Vulnerable To Exploits In Fingerprint Security System

Posted on May 21, 2023 at 5:45 PM

Researchers based at Tencent Labs and Zhejiang University have created a new attack known as “BrutePrint.” The brute-force attack targets fingerprint authentication on modern smartphones, with the aim of bypassing user authentication and taking control of a device.

Android smartphones are vulnerable to fingerprint brute force attacks

The Chinese researchers were able to overcome the security safeguards in place on smartphones, including the attempt limit and liveness detection, which usually prevent brute-force attacks. They did this by exploiting two zero-day vulnerabilities known as Cancel-After-Match-Fail (CAMF) and Match-After-Lock (MAL).

The technical paper detailing the vulnerabilities was published on arXiv.org. It also found that biometric data on the Serial Peripheral Interface (SPI) was not adequately protected, which makes a man-in-the-middle (MITM) attack to access fingerprint images possible.

The BrutePrint and SPI MITM attacks were tested against ten of the most popular models. The researchers achieved unlimited attempts on the Android and HarmonyOS (Huawei) devices, and ten more attempts on iOS devices.

The idea of BrutePrint is to submit an unlimited number of fingerprint images to the target device until one matches the user-defined fingerprint. To launch a BrutePrint attack, the attacker needs physical access to the target device and access to a fingerprint database, which can come from academic datasets or biometric data leaks.

BrutePrint sits between the fingerprint sensor and the Trusted Execution Environment (TEE). It exploits the CAMF vulnerability to manipulate the multi-sampling and error-cancelling mechanisms of the fingerprint authentication used by smartphones.

CAMF injects a checksum error into the fingerprint data to halt the authentication process before it completes. The attacker can then try several fingerprints on the target device without the failed attempts being registered, which allows as many tries as they want.
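The accounting flaw described above, shown next to a corrected counter, as an added simplified model that is not code from the paper or from any vendor. The class, the function names, the attempt limit of 5 and the sample values are all assumptions made for illustration.

```python
from dataclasses import dataclass

MAX_FAILS = 5  # constructed attempt limit, not a value from the paper


@dataclass
class Sample:
    template_id: int          # stand-in for the features of one sensor image
    checksum_ok: bool = True  # False models corrupted data from the sensor bus


class Authenticator:
    """Toy multi-sampling matcher with an attempt limit (hypothetical model)."""

    def __init__(self, enrolled: int, count_cancelled: bool):
        self.enrolled = enrolled
        self.count_cancelled = count_cancelled  # False = flawed accounting
        self.fails = 0

    @property
    def locked(self) -> bool:
        return self.fails >= MAX_FAILS

    def attempt(self, samples) -> str:
        if self.locked:
            return "locked"
        for s in samples:
            if not s.checksum_ok:
                # Error-cancel path: the attempt ends before a verdict.
                if self.count_cancelled:
                    self.fails += 1  # hardened: a cancelled try still costs one
                return "cancelled"
            if s.template_id == self.enrolled:
                self.fails = 0
                return "match"
        self.fails += 1  # only reached when every sample was checked
        return "fail"


def attempts_processed(auth: Authenticator, rounds: int) -> int:
    """Feed attempts that each end in a checksum error; count those processed."""
    done = 0
    for i in range(rounds):
        # Constructed input: two non-matching samples, then a corrupted one.
        samples = [Sample(1000 + i), Sample(2000 + i), Sample(0, False)]
        if auth.attempt(samples) == "locked":
            break
        done += 1
    return done
```

With `count_cancelled=False` the failure counter never moves, so the limit is never reached; charging the cancelled attempt to the counter restores the lockout.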

The BrutePrint attack also comes with a “neural style transfer” system that transforms the fingerprint images in the database so that they look as if the sensor in the target device had scanned them. The images then appear authentic and have a better chance of success.

Researchers conduct tests on devices

The cybersecurity researchers tested ten Android and iOS devices and found that these devices each had at least one vulnerability. The tested Android devices also allow many fingerprint attempts, so brute-forcing the user’s fingerprint and unlocking the device is possible given enough time.

On iOS devices, the authentication method is more robust and helps prevent brute-force attacks. The researchers also said that the iPhone 7 and iPhone SE are vulnerable to CAMF. However, attackers can only raise the number of attempts to 15, which is not enough to brute-force the device owner's fingerprint.

The researchers also said that the iPhone encrypts fingerprint data on the SPI, so intercepting it has little value. The experiments also indicate that it takes between 2.9 and 13.9 hours to complete a BrutePrint attack.

Publisher: Koddos