Hackers Can Break Fingerprint Unlocking on Phones Within Hours

 


A recent report from cybersecurity researchers at Tencent Labs and Zhejiang University reveals a potential method to “brute-force” fingerprints on Android devices. If a hacker has physical access to the smartphone and sufficient time, they may be able to unlock the device.

CAMF and MAL

The report highlights the presence of two zero-day vulnerabilities named Cancel-After-Match-Fail (CAMF) and Match-After-Lock (MAL), which affect not only Android devices but also those running Apple’s iOS and Huawei’s HarmonyOS.

Through the exploitation of these vulnerabilities, the researchers successfully accomplished two objectives. Firstly, they bypassed the limit on the number of fingerprint scanning attempts allowed by Android, enabling an unlimited number of tries. Secondly, they leveraged databases sourced from academic datasets, biometric data leaks, and similar sources to enhance their attack methodology.

How it Works

Carrying out these attacks requires a few key elements: physical possession of an Android smartphone, a sufficient amount of time, and hardware costing approximately $15.

The researchers named the attack “BrutePrint” and asserted that, for devices with a single fingerprint enrolled, it would take approximately 2.9 to 13.9 hours to breach the device’s security. Devices with multiple fingerprint records were found to be notably easier to compromise, with an average time for successful “brute-printing” ranging from 0.66 to 2.78 hours.

The researchers conducted their experiment on ten “popular smartphone models,” including a few iOS devices. Although the specific vulnerable models were not disclosed, the researchers reported that they were able to bypass the attempt limit and perform unlimited tries on Android and HarmonyOS devices.

iOS is Safer

However, for iOS devices, they were only able to gain an additional ten attempts on iPhone SE and iPhone 7 models, which proved insufficient to successfully carry out the attack. Consequently, while iOS may have potential vulnerabilities related to these flaws, the current method of brute-force entry is inadequate.

The researchers concluded that while this form of attack may not be appealing to typical hackers, it could be of interest to state-sponsored actors and law enforcement agencies.
