Fingerprint recognition is a popular biometric authentication method used on many Android devices. However, recent research has shown that these systems are vulnerable to attacks. In particular, researchers have developed a method that can be used to create a fake fingerprint that can be used to unlock the device.
The BrutePrint Attack
The attack, called BrutePrint, exploits two security flaws in the fingerprint recognition systems of many Android devices. The first flaw is that the systems do not adequately authenticate the fingerprint sensor. This means an attacker can simply connect a fake fingerprint sensor to the device, and the system will accept it as a valid fingerprint.
The second flaw is that the systems do not adequately protect the fingerprint data. This means that an attacker can extract the fingerprint data from the device and use it to create a fake fingerprint.
Researchers Uncover Vulnerability in Android Fingerprint Recognition Systems
A group of scholars from a prominent Chinese university has made a groundbreaking discovery regarding the security of Android devices’ fingerprint recognition systems. They have identified two critical weaknesses in these systems, which can be exploited to bypass the authentication process using counterfeit fingerprints.
Should one possess the necessary technical expertise, they could fabricate such a key themselves. Alternatively, it is possible to acquire it for a meager sum of $15.
However, executing this attack requires two vital components: the aforementioned key and uninterrupted access to the targeted device for approximately 45 minutes. The BrutePrint attack leverages the fingerprint database, with the device’s circuit boards conducting a simple search within the database to unlock the device.
To validate their findings, the research team conducted extensive testing on eight distinct Android devices, namely the Xiaomi Mi 11 Ultra, Vivo X60 Pro, OnePlus 7 Pro, Oppo Reno Ace, Samsung Galaxy S10+, OnePlus 5T, Huawei Mate 30 Pro 5G, and Huawei P40. Due to security concerns, the specific devices compromised as a result of this vulnerability were not disclosed.
Fascinatingly, the research team also extended their investigation to include devices running the iOS operating system, particularly iPhone models equipped with the Touch ID feature.
They scrutinized the iPhone SE and iPhone 7 models, but no evidence was found to suggest that these devices could be compromised using the aforementioned method. This implies that iPhone models offer robust protection against such attacks.
How to Protect Yourself from the BrutePrint Attack
There are a few things you can do to protect yourself from the BrutePrint attack:
- Keep your device’s software up to date. Software updates often include security patches that can help to protect your device from attacks.
- Use a strong PIN or password in addition to fingerprint recognition. This will make it more difficult for an attacker to access your device, even if they can bypass the fingerprint recognition system.
- Be careful about who you give your fingerprint to. Only give your fingerprint to people you trust.
Wrapping Up
The BrutePrint attack is a severe threat to the security of Android devices. However, by taking the steps outlined above, you can help to protect yourself from this attack.
