Researchers find way to bruteforce Android fingerprint unlock in record time


Researchers have found a way to bypass ten different phones’ fingerprint authentication by brute-forcing.

The bypass, which only works on Android devices, takes as little as 45 minutes and $15 worth of equipment to be performed. The bypass attack has been dubbed ‘BrutePrint’ by its creators, and it attempts a huge number of fingerprint guesses until one that unlocks the phone is found, as shared by Ars Technica.

The attack can unlock a phone in minutes by exploiting smartphone fingerprint authentication system vulnerabilities. It requires physical access to the target device and a $15 circuit board that connects to the fingerprint sensor. The attacker also needs a database of fingerprints, which can be obtained from research or real-world breaches.

Unlike password or PIN authentication, which requires an exact match, fingerprint authentication uses a reference threshold to determine a match. BrutePrint manipulates this threshold to increase the chances of finding an approximate match.

The researchers who developed BrutePrint tested it on ten smartphone models: Xiaomi Mi 11 Ultra, Vivo X60 Pro, OnePlus 7 Pro, OPPO Reno Ace, Samsung Galaxy S10+, OnePlus 5T, Huawei Mate30 Pro 5G, Huawei P40, Apple iPhone SE, Apple iPhone 7. They found that all eight Android models were vulnerable to BrutePrint, while the two iPhones were not. The iPhones encrypt fingerprint data differently than Android, which prevents BrutePrint from brute-forcing through. The iPhones also limit the number of guesses to 15, which reduces the success rate of BrutePrint, which relies on several guesses.

The researchers also measured how long it took for BrutePrint to unlock each device. The Samsung Galaxy S10+ was the fastest to unlock with BrutePrint, taking between 0.73 to 2.9 hours. The Xiaomi Mi 11 Ultra was the slowest, taking between 2.78 to 13.89 hours.

Check out the full report here.

Source: Ars Technica





Source link


Researchers have found a way to bypass ten different phones’ fingerprint authentication by brute-forcing.

The bypass, which only works on Android devices, takes as little as 45 minutes and $15 worth of equipment to be performed. The bypass attack has been dubbed ‘BrutePrint’ by its creators, and it attempts a huge number of fingerprint guesses until one that unlocks the phone is found, as shared by Ars Technica.

The attack can unlock a phone in minutes by exploiting smartphone fingerprint authentication system vulnerabilities. It requires physical access to the target device and a $15 circuit board that connects to the fingerprint sensor. The attacker also needs a database of fingerprints, which can be obtained from research or real-world breaches.

Unlike password or PIN authentication, which requires an exact match, fingerprint authentication uses a reference threshold to determine a match. BrutePrint manipulates this threshold to increase the chances of finding an approximate match.

The researchers who developed BrutePrint tested it on ten smartphone models: Xiaomi Mi 11 Ultra, Vivo X60 Pro, OnePlus 7 Pro, OPPO Reno Ace, Samsung Galaxy S10+, OnePlus 5T, Huawei Mate30 Pro 5G, Huawei P40, Apple iPhone SE, Apple iPhone 7. They found that all eight Android models were vulnerable to BrutePrint, while the two iPhones were not. The iPhones encrypt fingerprint data differently than Android, which prevents BrutePrint from brute-forcing through. The iPhones also limit the number of guesses to 15, which reduces the success rate of BrutePrint, which relies on several guesses.

The researchers also measured how long it took for BrutePrint to unlock each device. The Samsung Galaxy S10+ was the fastest to unlock with BrutePrint, taking between 0.73 to 2.9 hours. The Xiaomi Mi 11 Ultra was the slowest, taking between 2.78 to 13.89 hours.

Check out the full report here.

Source: Ars Technica





Source link

More from author

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Related posts

Advertismentspot_img

Latest posts

Nissan considering Xterra revival; 'it's got to be authentic'

The revival and revitalization of classic off-roaders is proving to be very popular with buyers, and highly profitable with automakers, particularly with models...

The Xiaomi 14 Ultra is a photography nerd’s dream

For most people, the compact camera is long since dead; a camera is a phone and a phone is a camera. But despite...

Want to stay up to date with the latest news?

We would love to hear from you! Please fill in your details and we will stay in touch. It's that simple!