Inexpensive tool can be used to easily break into Android phones

Inexpensive device can be used to easily break into Android phones
Fake fingerprints can be used to unlock some Android phones, according to Tencent's Yu Chen and Zhejiang University's Yiling He (via Ars Technica).

The researchers have discovered that two zero-day vulnerabilities which are present in the fingerprint authentication framework of nearly all smartphones can be exploited to unlock Android handsets.

The attack has been named BrutePrint. It requires a $15 circuit board with a microcontroller, analog switch, SD flash card, and board-to-board connector. The attacker will also need to be in possession of the victim's smartphone for at least 45 minutes and a database of fingerprints will also be required.

Android phones can be hacked in as little as 45 minutes

The researchers tested eight Android phones - Xiaomi Mi 11 Ultra, Vivo X60 Pro, OnePlus 7 Pro, OPPO Reno Ace, Samsung Galaxy S10+, OnePlus 5T, Huawei Mate30 Pro 5G and  Huawei P40 - and two iPhones - iPhone SE and iPhone 7.

Smartphones allow for a limited number of fingerprint attempts but BrutePrint can bypass that limit. The fingerprint authentication process doesn't need a direct match between the inputted values and the database value. It uses a reference threshold to determine a match. A bad actor can take advantage of this by trying different inputs until they use an image that closely resembles the one stored in the fingerprint database.

The attacker will need to remove the back cover of the phone to attach the $15 circuit board and carry out the attack. The researchers were able to unlock all eight Android phones using the method. Once a phone is unlocked, it can also be used to authorize payments.

The entire process can take anywhere between 40 minutes and 14 hours, depending on factors such as the fingerprint authentication framework of a particular model and the number of fingerprints saved for authentication.

The Galaxy S10+  took the least amount of time to give in (0.73 to 2.9 hours), whereas the Mi 11 took the longest (2.78 to 13.89 hours).

iPhone is safe because iOS encrypts data

Smartphone fingerprint authentication uses a serial peripheral interface to connect a sensor and the smartphone chip. Since Android does not encrypt data, BrutePrint can easily steal images stored in target devices.

Recommended Stories
Security Boulevard says that owners of new Android phones need not worry as the attack will likely not work on phones that follow Google's latest standards.

Yu Chen and Yiling He have recommended several changes to foil these attacks such as addressing attempt-limiting bypasses and encrypting data sent between the fingerprint reader and the chipset.

Recommended Stories

Loading Comments...
FCC OKs Cingular\'s purchase of AT&T Wireless