A recently introduced attack named 'BrutePrint' has been presented by researchers from Tencent Labs and Zhejiang University. This attack method involves the application of brute-force techniques on modern smartphones, enabling the bypassing of user authentication through fingerprint recognition. As a result, unauthorized individuals gain control over the targeted device.
Researchers experimented with Android, iOS, and HarmonyOS-based smartphones, however, only Android phones were found susceptible to attacks.
Diving into details
The researchers were able to circumvent existing safeguards on smartphones by leveraging two zero-days - Cancel-After-Match-Fail (CAMF) and Match-After-Lock (MAL).
The researchers discovered that the biometric data transmitted through the fingerprint sensors' Serial Peripheral Interface (SPI) lacked adequate protection, rendering it vulnerable to a Man-in-the-Middle (MITM) attack.
Consequently, this vulnerability allowed the hijacking of fingerprint images.
Modus operandi
This attack can be pulled off by criminals only if they obtain physical access to the mobile device.
An attacker can exploit CAMF to manipulate fingerprint authentication mechanisms, allowing for unlimited fingerprint submissions.
The MAL flaw enables inference of authentication results even in "lockout mode."
By utilizing a neural style transfer system, the attack transforms fingerprint images in the database to resemble the target device's sensor scans, increasing the chances of successful authentication.
The bottom line
While the BrutePrint attack may appear less concerning at first glance, as it necessitates prolonged access to the targeted device, its implications should not be underestimated. For criminals, this attack presents an opportunity to unlock stolen devices and freely access valuable private data, posing a significant threat to individuals' privacy and security.