Chinese researchers have cracked the fingerprint security of Android phones through a brute-force attack called BrutePrint. This allowed them to take control of the devices.
According to researchers from Tencent Labs and Zhejiang University, the BrutePrint attack they developed bypasses user authentication on Android phones and takes over the device. The attack exploits two zero-day vulnerabilities, Cancel-After-Match-Fail (CAMF) and Match-After-Lock (MAL), together with the inadequate protection of biometric data on the Serial Peripheral Interface (SPI) of the fingerprint sensors. The latter allows a man-in-the-middle (MITM) attack that hijacks fingerprint images.
In a BrutePrint attack, an unlimited number of fingerprint images is submitted to the device until one matches. To carry out the attack, hackers need access to the affected device and a database of fingerprints, which is available through academic datasets or biometric leaks. The necessary equipment costs only 15 dollars.
The CAMF vulnerability injects a checksum error into the fingerprint data to abort the authentication process early, so that attackers can ‘try out’ fingerprints without limit while the security systems never record the failed attempts. The MAL vulnerability lets attackers infer the authentication result for a fingerprint image they try, even when the device is in ‘lockout’ mode after several wrong login attempts.
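To make the counting flaw behind CAMF concrete, here is an added toy model (my own illustration, not the researchers' code and not Android's fingerprint stack): a flawed authenticator that only charges a failure after the frame's integrity check, beside a hardened one that charges every submission up front. Frames, checksums, the lockout threshold and the enrolled template are all constructed values, and the matcher is a byte comparison.

```python
MAX_FAILURES = 5  # constructed lockout threshold
ENROLLED = bytes([0x12, 0x34])  # constructed enrolled template

def checksum(frame: bytes) -> int:
    """Toy integrity check over a sensor frame; real SPI framing is not modelled."""
    return sum(frame) & 0xFF

class FlawedAuthenticator:
    """Records a failure only after the frame passes its integrity check, so a
    frame with a bad checksum is cancelled without ever touching the counter."""
    def __init__(self, enrolled: bytes = ENROLLED) -> None:
        self.enrolled = enrolled
        self.failures = 0
    def locked(self) -> bool:
        return self.failures >= MAX_FAILURES
    def attempt(self, frame: bytes, claimed_checksum: int) -> str:
        if self.locked():
            return "locked"
        matched = frame == self.enrolled          # matcher runs first
        if checksum(frame) != claimed_checksum:   # integrity check second
            return "cancelled"                    # bug: failure never recorded
        if matched:
            self.failures = 0
            return "match"
        self.failures += 1
        return "no_match"

class HardenedAuthenticator(FlawedAuthenticator):
    """Charges every submission up front; resets only on a verified match."""
    def attempt(self, frame: bytes, claimed_checksum: int) -> str:
        if self.locked():
            return "locked"
        self.failures += 1                        # charge before any early exit
        if checksum(frame) != claimed_checksum:
            return "cancelled"
        if frame == self.enrolled:
            self.failures = 0
            return "match"
        return "no_match"

def submissions_until_lockout(auth: FlawedAuthenticator, limit: int) -> int:
    """Submit up to `limit` wrong frames with deliberately bad checksums and
    return how many were processed before 'locked' (limit if it never locks)."""
    for i in range(limit):
        frame = bytes([i % 256, 0xAA])            # constructed non-matching frame
        if auth.attempt(frame, checksum(frame) ^ 0xFF) == "locked":
            return i
    return limit
```

With the flawed ordering, 100 corrupted submissions never trigger the lockout; the hardened version locks after MAX_FAILURES regardless of how the flow was aborted.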
The last component is a neural style transfer system. It transforms the fingerprint images in the database so that they resemble prints captured by the target sensor, making them valid inputs and increasing the chance of a successful breach.