This brute-force fingerprint attack could break into your Android phone

There is a way to “brute-force” fingerprints on Android devices and with physical access to the smartphone , and enough time, a hacker woul...

There is a way to “brute-force” fingerprints on Android devices and with physical access to the smartphone, and enough time, a hacker would be able to unlock the device, a report from cybersecurity researchers at Tencent Labs and Zhejiang Unversity has claimed.

As per the report, there are two zero-day vulnerabilities present in Android devices (as well as those powered by Apple’s iOS and Huawei’s HarmonyOS), called Cancel-After-Match-Fail (CAMF) and Match-After-Lock (MAL). 

By abusing these flaws, the researchers managed to do two things: have Android allow an infinite number of fingerprint scanning attempts; and use databases found in academic datasets, biometric data leaks, and similar.

Cheap hardware

To pull the attacks off, the attackers needed a couple of things: physical access to an Android-powered smartphone, enough time, and $15 worth of hardware.

The researchers named the attack “BrutePrint”, and claim that for a device that only has one fingerprint set up, it would take between 2.9 and 13.9 hours to break into the endpoint. Devices with multiple fingerprint recordings are significantly easier to break into, they added, with the average time for “brute-printing” being between 0.66 hours and 2.78 hours.

The researchers ran the test on ten “popular smartphone models”, as well as a couple of iOS devices. We don’t know exactly which models were vulnerable, but they said that on Android and HarmonyOS devices, they managed to achieve infinite tries. For iOS devices, however, they only managed to get an extra ten attempts on iPhone SE and iPhone 7 models, which is not enough to successfully pull off the attack. Thus, the conclusion is that while iOS might be vulnerable to these flaws, the current method of breaking into the device via brute force won’t suffice. 

While this type of attack might not be that attractive to the regular hacker, it could be used by state-sponsored actors and law enforcement agencies, the researchers concluded. 

Via: BleepingComputer



from TechRadar - All the latest technology news https://ift.tt/oiy2Z4e
via IFTTT

COMMENTS

BLOGGER
Name

Apps,3858,Business,151,Camera,1155,Earn $$$,3,Gadgets,1741,Games,926,GTA,1,Innovations,3,Mobile,1697,Paid Promotions,5,Promotions,5,Sports,1,Technology,8106,Trailers,796,Travel,37,Trending,4,Trendly News,25335,TrendlyNews,188,Video,5,XIAOMI,13,YouTube - 9to5Google,187,
ltr
item
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews: This brute-force fingerprint attack could break into your Android phone
This brute-force fingerprint attack could break into your Android phone
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews
http://www.trendlynews.in/2023/05/this-brute-force-fingerprint-attack.html
http://www.trendlynews.in/
http://www.trendlynews.in/
http://www.trendlynews.in/2023/05/this-brute-force-fingerprint-attack.html
true
3372890392287038985
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share. STEP 2: Click the link you shared to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy