Skip to main content

Hackers Can Break Fingerprint Unlocking on Phones Within Hours

 


A recent report from cybersecurity researchers at Tencent Labs and Zhejiang University reveals a potential method to “brute-force” fingerprints on Android devices. If a hacker has physical access to the smartphone and sufficient time, they may be able to unlock the device.

CAMF and MAL

The report highlights the presence of two zero-day vulnerabilities named Cancel-After-Match-Fail (CAMF) and Match-After-Lock (MAL), which affect not only Android devices but also those running Apple’s iOS and Huawei’s HarmonyOS.

Through the exploitation of these vulnerabilities, the researchers successfully accomplished two objectives. Firstly, they bypassed the limit on the number of fingerprint scanning attempts allowed by Android, enabling an unlimited number of tries. Secondly, they leveraged databases sourced from academic datasets, biometric data leaks, and similar sources to enhance their attack methodology.

How it Works

In order to carry out these attacks, the perpetrators required a few key elements: physical possession of an Android smartphone, a sufficient amount of time, and hardware costing approximately $15.

The researchers coined the attack as “BrutePrint” and asserted that, for devices with a single fingerprint enrolled, it would take approximately 2.9 to 13.9 hours to breach the device’s security. Devices with multiple fingerprint records were found to be notably easier to compromise, with an average time for successful “brute-printing” ranging from 0.66 to 2.78 hours.

The researchers conducted their experiment on ten “popular smartphone models,” including a few iOS devices. Although the specific vulnerable models were not disclosed, the researchers reported that they were able to bypass the attempt limit and perform unlimited tries on Android and HarmonyOS devices.

iOS is Safer

However, for iOS devices, they were only able to gain an additional ten attempts on iPhone SE and iPhone 7 models, which proved insufficient to successfully carry out the attack. Consequently, while iOS may have potential vulnerabilities related to these flaws, the current method of brute-force entry is inadequate.

The researchers concluded that while this form of attack may not be appealing to typical hackers, it could be of interest to state-sponsored actors and law enforcement agencies.

Comments

Popular posts from this blog

Meta Creates New AI Tool That Recognizes Over Than 4,000 Languages

  Introduced as the Massive Multilingual Speech (MMS) project, the AI tool is built with the goal to protect and preserve languages and is now available to the public Imagine a tool that can translate whatever you write into over 4000 different languages, sounds unreal right? Well, Meta, the parent company of Facebook and Instagram has announced that its AI tool named the Massive Multilingual Speech (MMS) project can now recognize over 4000 languages. According to Meta, the Massive Multilingual Speech (MMS) AI tool is created with the goal to preserve and protect languages, and their diversity and foster research. Data suggests that there are around 573 known extinct languages in the world, some of which were major languages used by massive communities in the ancient world. Access to these languages would have helped us decipher lost knowledge and historical facts. Earth is home to more than 7,000 languages, however, around 2,900 or 41% of these languages are endangered, which mean...

Adobe Launches Generative AI Features for Photoshop

  One of the most anticipated AI features being added to Adobe Photoshop is the “Generative Fill”, which allows users to extend and add image features based on a text input American Multinational computer software company Adobe Inc’, which has nearly 100 successful computer software, has announced that after about six weeks of standalone testing, it is now releasing generative AI features on one of its most famous software, Adobe Photoshop. While making the announcement, Adobe said that the addition of generative AI features in Adobe Photoshop would be the start of a major push in which the company plans to add multiple different AI features to all of its software thus helping creative individuals have a much faster and easier workflow. Adobe would not be the first company to integrate or create an image-generating AI since many other AI models such as the Dall-E or Midjourney have gained popularity amongst users, however, they are still not being used by large organizations primar...

Bank of Punjab Offering Multiple Job Opportunities in Pakistan

  The Bank of Punjab, a leading financial institution in Pakistan, has recently announced several job openings, providing an exciting opportunity for individuals seeking employment. With its commitment to excellence and innovation in the banking sector, the Bank of Punjab is looking to recruit qualified candidates who can contribute to the bank’s ongoing growth and success. The bank follows a fair and unbiased selection process, ensuring equal opportunity employment without any discriminatory bias. Equal Opportunity Employment: The Bank of Punjab prioritizes Equal Opportunity Employment, emphasizing a selection process that is free from discrimination. The bank considers candidates’ academic qualifications, skills, experience, and talent to select and appoint staff members. This approach ensures that all individuals, regardless of their background, have an equal chance to pursue a career at the bank. Career Development Programs: To prepare its employees for the challenges of the wo...