Many of us tend to believe that when our Android phones are lost or stolen, the fingerprint lock will keep sensitive data safe. However, researchers from Tencent Labs and Zhejiang University have found a way to circumvent this protection on Android smartphones using a brute-force attack, that is, an attack that makes repeated attempts until it finds the password, code, or other credential that a security mechanism accepts.
iOS is secure but Android is vulnerable
To protect against brute-force attacks, Android phones typically have measures such as a limit on the number of attempts a user can make and liveness detection. However, the researchers managed to bypass these measures using two vulnerabilities, called Cancel-After-Match-Fail (CAMF) and Match-After-Lock (MAL).
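The article names the two bypasses but does not describe how they work. The sketch below is an added illustration, not code from the researchers or from any phone vendor, of the two accounting gaps an attempt limit has to close for such bypasses to be impossible: an attempt abandoned before its result is recorded must still be charged, and a locked sensor must not run the matcher at all. The class names, the five-attempt budget, the string-based "matcher" and the candidate list are all assumptions made for the example.

```python
MAX_ATTEMPTS = 5  # assumed attempt budget before the sensor locks

class Sensor:
    """Stand-in matcher; counts how many candidates it was asked to compare."""
    def __init__(self, enrolled):
        self.enrolled, self.compared = set(enrolled), 0
    def match(self, sample):
        self.compared += 1
        return sample in self.enrolled

class NaiveAuth:
    """Records a failure only once the matcher reports one, and never checks
    the lock before matching (assumed gaps, for illustration only)."""
    def __init__(self, sensor):
        self.sensor, self.failures = sensor, 0
    def locked(self):
        return self.failures >= MAX_ATTEMPTS
    def attempt(self, sample, cancel_on_fail=False):
        matched = self.sensor.match(sample)   # runs even while locked
        if not matched and cancel_on_fail:
            return "cancelled"                # caller withdrew; nothing recorded
        if matched:
            return "unlocked"
        self.failures += 1
        return "denied"

class RobustAuth(NaiveAuth):
    """Charges the budget before matching and never runs the matcher while locked."""
    def attempt(self, sample, cancel_on_fail=False):
        if self.locked():
            return "locked"                   # no matcher call at all
        self.failures += 1                    # charge up front
        matched = self.sensor.match(sample)
        if not matched and cancel_on_fail:
            return "cancelled"                # already charged
        if matched:
            self.failures = 0                 # refund only on success
            return "unlocked"
        return "denied"

CANDIDATES = [f"guess-{i}" for i in range(100)] + ["real-print"]  # constructed: 100 wrong, then the enrolled one
def run_trials(auth_cls, cancel_on_fail=False, candidates=CANDIDATES):
    """Return (outcome of the last attempt, number of matcher comparisons)."""
    sensor, outcome = Sensor({"real-print"}), None
    auth = auth_cls(sensor)
    for c in candidates:
        outcome = auth.attempt(c, cancel_on_fail)
        if outcome == "unlocked":
            break
    return outcome, sensor.compared
```

With the constructed list, `run_trials(NaiveAuth, cancel_on_fail=True)` compares all 101 candidates and ends unlocked, while `run_trials(RobustAuth, cancel_on_fail=True)` stops after 5 comparisons and stays locked.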
According to the reports, the biometric data carried over the Serial Peripheral Interface (SPI) between the fingerprint sensor and the rest of the phone lacked comprehensive protection, which allowed a man-in-the-middle (MITM) attack to steal the fingerprints. The researchers tested a brute-force attack they call BrutePrint on ten popular smartphone models. On Android and HarmonyOS (Huawei) phones they were able to make an unlimited number of fingerprint login attempts, whereas in the trials on the iPhone SE and iPhone 7 the security measures could not be overcome.
According to the analysis, BrutePrint takes between 2.9 and 13.9 hours to succeed on a device with only one fingerprint enrolled. With more than one fingerprint enrolled, the attacker has a higher chance of finding a match, and the time to success falls to between 0.66 and 2.78 hours. The good news is that this is not an easy type of attack to execute: the attacker needs not only physical access to the target phone for some time, but also a source of fingerprints such as a biometric data leak or a fingerprint database. On the other hand, the report notes that law enforcement or government agencies could readily take advantage of these vulnerabilities.