Android phones are vulnerable to fingerprint brute-force attacks

21-May-23

‘BrutePrint,’ a novel technique developed by researchers at Tencent Labs and Zhejiang University, brute-forces fingerprints on current smartphones to get through user authentication and take over the device. Brute-force attacks use numerous trial-and-error attempts to guess a code, key, or password in order to obtain access to accounts, systems, or networks without authorization.

Cancel-After-Match-Fail (CAMF) and Match-After-Lock (MAL), which the Chinese researchers claim are two zero-day vulnerabilities, allowed them to circumvent existing defences on smartphones, such as attempt limits and liveness detection, that protect against brute-force attacks. The researchers tested ten prominent smartphone models with brute-force and SPI MITM attacks, which were successful with limitless attempts on all Android and HarmonyOS (Huawei) smartphones and ten additional attempts on iOS devices.
