Your phone with a fingerprint reader is not perfect: it can also be hacked


Unfortunately, Android is one of the main targets of cyber attackers, simply because it is the most widely used operating system. And if you have a model with an integrated fingerprint reader, we are afraid that it is not an infallible defense against hackers.

Our colleagues at MovilZona have echoed a report by researchers from Tencent Labs and Zhejiang University: a vulnerability called BrutePrint has been discovered in Android that allows bypassing biometric fingerprint authentication and taking control of the phone through brute force.

Beware: they can force the authentication of the fingerprint reader on your mobile

In case you don't know what a brute force attack is: it is a type of computer attack in which the system is attacked over and over until one attempt succeeds. For example, a brute force attack on a password consists of trying combinations indefinitely to gain access.

And the researchers mentioned have shown that a current phone with a fingerprint reader can be unlocked by exploiting two zero-day vulnerabilities called “Cancel-After-Match-Fail” (CAMF) and “Match-After-Lock” (MAL).

The study reveals that the user's fingerprint registration is not properly protected, so a brute force attack can obtain a "virtual fingerprint" that can be used to unlock the phone.


The BrutePrint idea is very clever: saturate a phone with all kinds of fingerprints until the smartphone recognizes some pattern that matches the user's real fingerprint and allows access.

It is true that this attack requires physical access to the phone, and it has to connect to a database with pre-saved fingerprints, but it is still a great danger.

Note that this method has many uses: from security forces that will be able to access any device, to cybercriminals that will be able to unlock stolen phones to access your personal data, including banking passwords…

Although they have not revealed the models, these researchers tested the BrutePrint system on devices running Android and HarmonyOS (the operating system used by Huawei) and managed to gain access, demonstrating that this type of attack works.

And what about iPhones? Well, iOS only allows ten attempts before blocking the system, so it’s better in terms of security. So, if you have an Android phone with a fingerprint reader, be careful who you leave it with…
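Why that ten-attempt limit matters, as an added example that is not code from the researchers' report or from any phone vendor: a lockout counter that charges every attempt before the match result is known, compared with a device that never locks. The class and function names, the toy matcher and the false-accept rate are assumptions constructed for illustration.

```python
import math

class AttemptLimiter:
    """Lockout counter: an attempt is charged before the match result is known."""

    def __init__(self, max_failures=10):   # 10 = the iOS limit quoted in the article
        self.max_failures = max_failures
        self.failures = 0

    @property
    def locked(self):
        return self.failures >= self.max_failures

    def try_unlock(self, matcher, sample):
        if self.locked:
            return False
        self.failures += 1                 # charge first, so an aborted attempt still counts
        try:
            matched = bool(matcher(sample))
        except Exception:                  # sensor or transport error: treated as a failure
            return False
        if matched:
            self.failures = 0              # only a real match resets the counter
        return matched


def feed(limiter, matcher, candidates):
    """Submit candidates in order; return (unlocked, attempts the device evaluated)."""
    attempts = 0
    for sample in candidates:
        if limiter.locked:
            break
        attempts += 1
        if limiter.try_unlock(matcher, sample):
            return True, attempts
    return False, attempts


def guess_success_bound(false_accept_rate, attempts):
    """Chance that at least one of `attempts` independent guesses is accepted."""
    return 1 - (1 - false_accept_rate) ** attempts


if __name__ == "__main__":
    matcher = lambda s: s == 499           # constructed: only candidate 499 matches
    print(feed(AttemptLimiter(10), matcher, range(1000)))        # (False, 10)
    print(feed(AttemptLimiter(math.inf), matcher, range(1000)))  # (True, 500)
    print(guess_success_bound(1 / 50_000, 10))                   # constructed rate
```

With the limit enforced, the device stops evaluating guesses after ten failures; without it, the same stream of candidates eventually reaches the one that matches.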
