If you are using the fingerprint lock on your Android mobile phone, it’s important to know that it’s not as safe as you think. Security experts have shown that devices running Google software, or variants of it, are vulnerable to brute-force attacks through this authentication system.
Yu Chen and Yiling He, researchers at Tencent Labs and Zhejiang University, China, have developed a method for gaining access to fingerprint-protected devices. The attack is of great concern not only because it bypasses the lock screen of a smartphone, but also because it applies to everything the fingerprint is used for, such as authorizing payments or accessing applications and personal folders.
According to BleepingComputer, the methodology was named BrutePrint. With it, the experts were able to make an unlimited number of unlock attempts on all the Android and HarmonyOS phones used during the unlocking test. It is worth noting that the models included the Xiaomi Mi 11 Ultra, Vivo X60 Pro and Samsung Galaxy S10+. The analysts’ idea was to test their method on equipment with optical, ultrasonic and capacitive fingerprint sensors.
For the test they also used two iPhone models, the iPhone 7 and iPhone SE, but they were unable to break into them the way they did with the Android devices with a fingerprint lock.
Bypassing the fingerprint lock on Android mobile devices is possible and no doubt a concern. Nevertheless, it doesn’t mean it’s an easy or practical hack to perform. The reason is that an attacker needs not only prolonged access to the device in question, but also special equipment. The latter may not be a disadvantage for trained cybercriminals, as it costs no more than $15. But let’s be clear: this is not a vulnerability that can be exploited on the fly.
How can you hack the fingerprint lock on Android phones?
It is interesting how the researchers managed to get an unlimited number of attempts to unlock an Android mobile phone using its owner’s fingerprint. For this they used two apparent zero-day vulnerabilities, known as Cancel-After-Match-Fail (CAMF) and Match-After-Lock (MAL).
What the former does is interfere with the authentication process so that the phone’s security system does not register failed attempts. The second, meanwhile, allows fingerprint data to keep being fed to the sensor even after the phone has been locked.
Let’s not forget that all smartphones with a fingerprint lock only allow a certain number of attempts before pausing unlocking for a certain number of seconds. Thanks to these two vulnerabilities, the experts were able to evade that safeguard and get an infinite number of tries to access the equipment.
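As an added illustration that is not part of the article or the researchers’ work, this simplified Python model shows the two lockout defects just described beside a hardened version of the same logic; the attempt limit, the timeout and the matcher structure are assumptions for the model, not Android’s actual implementation.

```python
from dataclasses import dataclass

MAX_FAILURES = 5       # assumed: failed attempts allowed before a lockout
LOCKOUT_SECONDS = 30   # assumed: lockout length in seconds

@dataclass
class WeakMatcher:
    """Lockout logic with the two defects described above: a failure is
    recorded only after the comparison finishes (cancelling first hides it,
    CAMF) and the lockout is never consulted before comparing (MAL)."""
    enrolled: set
    failures: int = 0
    locked_until: float = 0.0

    def authenticate(self, template, cancel_on_fail=False, now=0.0):
        if template in self.enrolled:      # comparison runs even while locked
            self.failures = 0
            return "ok"
        if cancel_on_fail:
            return "cancelled"             # nothing recorded: the attempt is free
        self.failures += 1
        if self.failures >= MAX_FAILURES:
            self.locked_until = now + LOCKOUT_SECONDS
        return "fail"

@dataclass
class HardenedMatcher:
    """Same interface, fixed: refuse to compare while locked, and charge the
    attempt to the counter before comparing so a cancel cannot undo it."""
    enrolled: set
    failures: int = 0
    locked_until: float = 0.0

    def authenticate(self, template, cancel_on_fail=False, now=0.0):
        if now < self.locked_until:
            return "locked"                # no comparison at all while locked
        self.failures += 1                 # charged before the result is known
        if self.failures >= MAX_FAILURES:
            self.locked_until = now + LOCKOUT_SECONDS
        if template in self.enrolled:
            self.failures, self.locked_until = 0, 0.0
            return "ok"
        return "cancelled" if cancel_on_fail else "fail"

def comparisons_run(matcher, library, cancel_on_fail=True, now=0.0):
    """Feed a constructed list of non-matching templates and count how many
    actually reach the comparison step (every answer other than 'locked')."""
    return sum(matcher.authenticate(t, cancel_on_fail, now) != "locked" for t in library)
```

With a constructed library of 20 wrong templates, the weak matcher compares all 20 and its failure counter stays at zero, while the hardened one compares only the first 5 and then refuses until the lockout expires.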
Another important point in this story is that the researchers found that the phone owner’s biometric data is not properly protected on the serial peripheral interface (SPI) of the fingerprint reader. This leaves it exposed to so-called man-in-the-middle attacks.
Having said all that, how is the fingerprint lock on Android phones broken? An attacker must obtain a “collection” of fingerprints, which is easier than one might think. Some databases of biometric information are available for academic purposes, while others have been exposed through leaks.
This information is then loaded onto an 8 GB SD card, which can store approximately 200,000 fingerprint images. The card is inserted into a PCB with a board-to-board connector that communicates with the motherboard FPC and the phone’s biometric reader. In addition, the experts included an automatic clicker responsible for “waking up” the sensor. This simplifies a large-scale attack by automating the feeding of a fingerprint library to defeat the lockout.
iPhone passed the test
The authors have succeeded in developing a workable method for carrying out brute-force attacks on Android mobile devices that use a fingerprint lock. We have already made it clear that the process is cumbersome, but it exposes a security issue that has received little or no attention.
What is striking is that the iPhones used in the test could not be compromised. Using the same method, the experts managed to raise the limit of unsuccessful authentication attempts from 5 to 15. However, they failed to unlock the phones developed in Cupertino.
There is a very interesting reason behind this. What is it? Apple encrypts the smartphone owner’s biometric data on the SPI. This makes it impossible to achieve a match with information injected from an external fingerprint library.
Source: Hiper Textual

I’m Ben Stock, a highly experienced and passionate journalist with a career in the news industry spanning more than 10 years. I specialize in writing content for websites, including researching and interviewing sources to produce engaging articles. My current role is as an author at Gadget Onus, where I mainly cover the mobile section.