Based on a research paper from cybersecurity researchers at Tencent Labs and Zhejiang University, there is a means to “brute-force” fingerprints on Android smartphones, and with physical access to the smartphone and enough time, a hacker would be able to unlock the device.
According to the report, two zero-day vulnerabilities known as Cancel-After-Match-Fail (CAMF) and Match-After-Lock (MAL) exist in Android devices (as well as those powered by Apple’s iOS and Huawei’s HarmonyOS).
By exploiting these flaws, the researchers were able to accomplish two things: make Android allow an unlimited number of fingerprint scanning attempts, and use fingerprint databases obtained from academic datasets, biometric data dumps, and other comparable sources.
The attackers needed a few things to pull off the attacks: physical access to an Android-powered smartphone, enough time, and $15 in hardware.
The attack was dubbed “BrutePrint” by the researchers, who claim that it would take between 2.9 and 13.9 hours to break into an endpoint with only one fingerprint set up. They claimed that devices with numerous fingerprint recordings are substantially easier to break into, with the average time for “brute printing” ranging from 0.66 hours to 2.78 hours.
The experiment was carried out on ten “popular smartphone models” as well as two iOS devices. It’s current
[…]
Content was cut in order to protect the source. Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents