BrutePrint: $15 Tool Unlocks Almost All Androids

Fake fingerprints can be used to unlock some phones, according to Yu Chen of Tencent and Yiling He of Zhejiang University.

The researchers discovered that two zero-day vulnerabilities in the fingerprint authentication framework of almost all smartphones can be exploited to unlock Android devices.


The attack was called BrutePrint. It requires a $15 board with a microcontroller, an analog switch, and an SD flash card. The attacker would also need to be in possession of the victim's smartphone for at least 45 minutes, and a fingerprint database is also required.

The researchers tested eight Android phones (Xiaomi Mi 11 Ultra, Vivo X60 Pro, OnePlus 7 Pro, OPPO Reno Ace, Samsung Galaxy S10+, OnePlus 5T, Huawei Mate30 Pro 5G and Huawei P40) and two iPhones (iPhone SE and iPhone 7).

Smartphones allow a limited number of fingerprint attempts, but BrutePrint can bypass this limit. Fingerprint authentication does not require an exact match between the entered values and the value stored in the database. It uses a reference threshold to decide whether there is a match. So a malicious user can take advantage of this by trying different inputs until one of them is an image that closely resembles the one stored in the fingerprint database.
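The following is an added example, not code from the researchers or from any phone vendor. It models threshold matching and shows why the attempt limit is the control that bounds the risk, using one fail-closed way to count attempts. The class and function names, scores and false accept rates are assumptions made for the illustration, and the article does not say how the real limit is bypassed.

```python
# Added illustration; every name, score and rate here is constructed.
def cumulative_false_accept(far, attempts):
    """Chance that at least one of `attempts` independent non-matching
    inputs clears the threshold, given per-attempt false accept rate `far`."""
    return 1.0 - (1.0 - far) ** attempts

class LockedOut(Exception):
    """Raised once the attempt budget is spent."""

class FingerprintGate:
    """Accepts an input whose similarity score reaches `threshold`.
    Each attempt is charged BEFORE the comparison runs, so a comparison
    that errors out or is interrupted still counts against the limit."""

    def __init__(self, threshold, max_attempts=5):
        self.threshold = threshold
        self.max_attempts = max_attempts
        self.failed = 0

    def verify(self, compare):
        if self.failed >= self.max_attempts:
            raise LockedOut("fingerprint disabled, require PIN or password")
        self.failed += 1              # charge first (fail closed)
        score = compare()             # may raise; the charge is kept
        if score >= self.threshold:
            self.failed = 0           # reset only after a genuine match
            return True
        return False

def run(gate, comparisons):
    """Feed comparison callables to the gate; return (unlocked, attempts_charged)."""
    charged = 0
    for compare in comparisons:
        try:
            unlocked = gate.verify(compare)
        except LockedOut:
            return False, charged
        except RuntimeError:
            unlocked = False          # aborted comparison, already charged
        charged += 1
        if unlocked:
            return True, charged
    return False, charged

def _aborted():
    raise RuntimeError("comparison interrupted")

# Constructed input: low scores, two interrupted comparisons, then a close one.
SAMPLE = [lambda: 0.2, _aborted, lambda: 0.3, _aborted, lambda: 0.4, lambda: 0.95]
```

With a constructed per-attempt false accept rate of 1 in 10,000, five attempts leave about a 0.05% chance of a wrong finger being accepted, while 100,000 attempts make acceptance nearly certain, which is why the counter has to charge every attempt, including interrupted ones.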

The attacker would need to remove the back cover of the phone to connect the $15 board and carry out the attack. The researchers were able to unlock all eight Android phones using the method. Once a phone is unlocked, it can be used to authorize payments.

This particular method does not work on iPhones because iOS encrypts the data.


Written by giorgos
