Chinese researchers have cracked the fingerprint security of Android phones with a brute-force attack they call BrutePrint, which allowed them to take control of the devices.
According to researchers from Tencent Labs and Zhejiang University, the BrutePrint attack they developed allows hackers to bypass user authentication on Android phones and take over the device.
They found that exploiting two zero-day vulnerabilities, Cancel-After-Match-Fail (CAMF) and Match-After-Lock (MAL), bypasses the existing security measures on Android phones, and that the biometric data on the Serial Peripheral Interface (SPI) of the fingerprint sensors is also poorly secured. This ultimately enables a man-in-the-middle (MITM) attack to hijack fingerprint images.
Properties of the BrutePrint attack
In a BrutePrint attack, an unlimited number of fingerprint images are sent to a device until there is a match. To carry out the attack, hackers need access to the affected device and a database of fingerprints available through academic datasets or biometric leaks. The necessary equipment costs only 15 dollars.
The CAMF vulnerability injects a checksum error into the fingerprint data so that the authentication process aborts early. This allows hackers to ‘try out’ fingerprints without limit, because the security systems never register these aborted attempts as failed ones.
The MAL vulnerability helps derive authentication results from the fingerprint images that hackers try, even while the device is in ‘lockout’ mode after several wrong login attempts.
The last component is a neural style transfer system. It converts the fingerprint images in the database so that they look like prints captured by the target's sensor. This makes the images acceptable to the device and increases the chance of a successful breach.
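To make the CAMF point concrete, here is an added toy model (not the researchers' code and not any vendor's implementation) of a fingerprint verifier: one variant only counts a failed attempt after the matching stage, so a frame rejected earlier for a bad checksum never reaches the counter and lockout never triggers; the other counts every attempt as soon as it starts. `Frame`, `Authenticator` and `MAX_FAILS` are assumptions of this model.

```python
from dataclasses import dataclass

MAX_FAILS = 5  # assumed lockout threshold for this toy model


def checksum(data: bytes) -> int:
    """Toy 8-bit checksum standing in for the sensor's integrity check."""
    return sum(data) & 0xFF


@dataclass
class Frame:
    """Constructed stand-in for one fingerprint capture sent over SPI."""
    data: bytes
    checksum: int


@dataclass
class Authenticator:
    enrolled: bytes            # stand-in for the enrolled template
    count_before_match: bool   # False = counter incremented only after matching (CAMF-style gap)
    fails: int = 0
    locked: bool = False

    def _register_fail(self) -> None:
        self.fails += 1
        if self.fails >= MAX_FAILS:
            self.locked = True

    def attempt(self, frame: Frame) -> str:
        if self.locked:
            return "locked"
        if self.count_before_match:
            self._register_fail()      # hardened: every started attempt counts
        if checksum(frame.data) != frame.checksum:
            return "abort"             # vulnerable variant: nothing was counted here
        if frame.data == self.enrolled:
            self.fails, self.locked = 0, False
            return "match"
        if not self.count_before_match:
            self._register_fail()      # vulnerable variant: counts only after a real mismatch
        return "fail"


def aborted_attempts_until_lock(auth: Authenticator, n: int) -> int:
    """Feed n frames with a wrong checksum; return how many were processed before lockout."""
    processed = 0
    for i in range(n):
        frame = Frame(bytes([i % 256]) * 4, checksum=0xFF)  # constructed; 4*i is never 0xFF
        if auth.attempt(frame) == "locked":
            break
        processed += 1
    return processed
```

The detection and mitigation lesson is the same as in the article: an authentication step that terminates before the matcher must still be charged against the attempt budget.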