If you thought that the fingerprint recognition system of your Android mobile was secure, you will be interested in a discovery made in the last few hours. A team of experts has shown that, by investing a ridiculously small amount of money, it is possible to bypass this protection and access any terminal equipped with the Google operating system. Should we worry?
BrutePrint is the name that researchers from Zhejiang University and Tencent Labs have given to the system they have invented for accessing Android mobiles by bypassing fingerprint protection. Through a simple method, they are now able to dismantle the ironclad security that millions of people rely on.
Use brute force
The name of the system is no coincidence: it is a process that works by brute force and unlocks the mobile "the hard way". After several tests, the researchers responsible for the study have shown that, by using the CAMF (Cancel-After-Match-Fail) and MAL (Match-After-Lock) vulnerabilities, they can break into all the Android mobiles they tried.
What is most worrying is that they have not only put these brute-force methods into practice, but have also found vulnerabilities in the fingerprint recognition environment itself. They have also tried MITM (man-in-the-middle) attacks as an alternative way to circumvent fingerprint security. This shows that fingerprint recognition systems have serious security issues, and manufacturers will have to work together so that this does not become a major risk.
Which mobiles did they try?
When conducting the study, which has been published on arXiv, it was important to have maximum diversity of results to verify that what they discovered was genuine. For this reason, they have conducted tests and fingerprint attacks on ten of the most popular Android and HarmonyOS devices and several other iOS-powered models. At the moment of truth, their findings showed that iPhones, including variants like the iPhone SE or the iPhone 7, have a stronger level of security. One of the main differences lies in the way Apple terminals lock out after multiple attempts, which prevents brute-force attacks from succeeding.
It has been observed that iOS terminals can be vulnerable to CAMF attacks but, because of this lockout, the researchers have not been able to put their system into practice once several attempts have been made. Quite the opposite has happened with Android mobiles: an unlimited number of attempts is allowed, so overcoming the fingerprint security lock is only a matter of time. In cases where the mobile has only one enrolled fingerprint, the time required is between 2.9 and 13.9 hours. If there is more than one fingerprint, these margins drop significantly, to an average of between 0.66 and 2.78 hours, as it is easier for the system to overcome any one of the access barriers.
How does this work?
The system they have designed requires the attacker to have access to the victim's mobile. Apart from this, two things are necessary. The first is a database of fingerprints, which hackers can obtain in ways other than the usual ones. The second is the specific equipment that must be used to carry out the attacks, which surprisingly costs only $15 (about 12 euros).
The technique used by this system involves repeating fingerprint recognition attempts on the target mobile while exploiting an error state reached by the terminal that prevents the failed attempts from being recorded. In this way, the attack can keep generating fingerprint attempts until the one needed to unlock the mobile is found. Apart from this, they also use the MAL vulnerability, which we mentioned earlier, to trick the mobile so that it is not locked during the series of login attempts.
On top of this, the BrutePrint attack includes a step in which the fingerprints from the database being used are modified so that they match the fingerprint stored in the mobile more closely. This simplifies the process and reduces the time it takes to get past the defenses.
However, since it is necessary to have access to the victim's mobile, it seems that this finding will not be as dangerous as one might imagine. Of course, it may give hackers more ideas for developing new techniques in the future.
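Why unrecorded failed attempts matter can be shown with a simplified model of an attempt limiter, added here as an example (it is not code from the BrutePrint paper or from any phone vendor). The `Limiter` class, the threshold of 5 and the string comparison standing in for fingerprint matching are all assumptions made for illustration.

```python
"""Toy model of a fingerprint attempt limiter (constructed for illustration)."""

MAX_FAILS = 5  # assumed lockout threshold, not a value from the article


class Limiter:
    """charge_first=False: a failure is recorded only when an attempt completes.
    charge_first=True: every attempt is charged before matching starts."""

    def __init__(self, enrolled, charge_first):
        self.enrolled = enrolled
        self.charge_first = charge_first
        self.fails = 0

    def locked(self):
        return self.fails >= MAX_FAILS

    def attempt(self, sample, error_after_match=False):
        if self.locked():
            return "locked"            # no matching at all while locked out
        if self.charge_first:
            self.fails += 1            # recorded before any matching happens
        if sample == self.enrolled:    # stand-in for real fingerprint matching
            self.fails = 0             # a genuine unlock clears the counter
            return "unlocked"
        if error_after_match:
            # Attempt ends in an error state after the mismatch; the weak
            # variant returns here without ever recording the failure.
            return "error"
        if not self.charge_first:
            self.fails += 1
        return "fail"


def attempts_until_locked(limiter, tries, error_after_match):
    """Feed non-matching samples; count how many were evaluated before lockout."""
    evaluated = 0
    for i in range(tries):
        if limiter.attempt(f"wrong-{i}", error_after_match) == "locked":
            break
        evaluated += 1
    return evaluated


if __name__ == "__main__":
    print("record on completion:", attempts_until_locked(Limiter("ok", False), 1000, True))
    print("charge before match: ", attempts_until_locked(Limiter("ok", True), 1000, True))
```

With the failure charged before matching, an attempt that ends in an error still counts toward the lockout, which is the behaviour the article credits for stopping the attack on iPhones.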