Android Phones Exposed to Fingerprint Brute-Force Attacks

23-May-23

Researchers from Tencent Labs and Zhejiang University have unveiled a recently introduced attack called ‘BrutePrint’. The attack applies brute-force techniques to current cellphones to circumvent user identification via fingerprint recognition, after which unauthorised people can take control of the targeted device.

The researchers tested devices running Android, iOS, and HarmonyOS, but only Android phones were shown to be vulnerable to attacks. By using two zero-day vulnerabilities, Cancel-After-Match-Fail (CAMF) and Match-After-Lock (MAL), the researchers were able to bypass the protections already in place on cellphones.
