Buzz
(Homeland) - Cyber attackers can exploit security vulnerabilities to execute attacks facilitating easy phone unlocking.
A security loophole in the fingerprint authentication system of most new Android smartphones has been uncovered by two research experts, Yu Chen from Tencent and Yiling He from Zhejiang University (China). Hackers can leverage this vulnerability to conduct BrutePrint attacks to unlock devices.
The researchers utilized a $15 circuit board to test unlocking on 8 Android models and 2 iPhone models, including Xiaomi Mi 11 Ultra, OPPO Reno Ace, Samsung Galaxy S10+, OnePlus 5T, Huawei Mate30 Pro 5G, Vivo X60 Pro, OnePlus 7 Pro, Huawei P40, iPhone SE, and iPhone 7.
The circuit board designed to bypass fingerprint security on smartphones comprises a microcontroller, analog switch, SD card, and circuit board connectors.
Smartphones will be locked if fingerprint attempts exceed the allowed limit. However, if the fingerprint is close enough to match the stored data, the device will still unlock as fingerprint verification does not require a perfect match between the input and stored fingerprints. Therefore, the BrutePrint attack can bypass this limitation.
In the experimentation conducted by two researchers, the successful unlock times for each Android smartphone varied. Oppo achieved the fastest result, taking only 40 minutes. Samsung models ranged from 73 minutes to 2.9 hours. The Android model that consumed the most time was the Mi 11 Ultra, taking a staggering 13.89 hours.
However, when it comes to iPhones, their devices faced failure. BrutePrint attacks couldn't access the fingerprint database on iPhones because Apple encrypted users' biometric data.
BrutePrint attacks may prove inefficient on Android phones with the latest security updates, reassuring users of modern Android devices that there's no need to worry.
