Saturday, September 30, 2023

Fingerprint security on Android phones is broken

Fingerprint security on Android smartphones can be cracked with a device that costs just 15 USD. Two researchers, Yu Chen of Tencent and Yiling He of Zhejiang University (China), discovered two unpatched security holes in the fingerprint authentication system of most Android smartphones. Using them, hackers can perform a BrutePrint attack to unlock the device.

The two researchers used a $15 circuit board consisting of a microcontroller, an analog switch, an SD card and a board connector to bypass the fingerprint security layer on a smartphone. The fastest unlocking process took 40 minutes. The test was performed on 8 Android phone models and 2 iPhone models, including Xiaomi Mi 11 Ultra, Vivo X60 Pro, OnePlus 7 Pro, OPPO Reno Ace, Samsung Galaxy S10+, OnePlus 5T, Huawei Mate30 Pro 5G, Huawei P40, iPhone SE and iPhone 7.

A smartphone allows only a limited number of fingerprint attempts; if that limit is exceeded, the device is locked. However, a BrutePrint attack can exceed this limit because the fingerprint validator does not require complete accuracy between the input fingerprint and the fingerprint stored on the device. When the fingerprint closely matches the stored data, the device will still be unlocked.

The time needed for a successful unlock also differs between Android smartphones: Oppo took 40 minutes and Samsung took from 73 minutes to 2.9 hours. The “hardest” Android model was the Mi 11 Ultra, at 13.89 hours.

Meanwhile, the researchers failed to penetrate the iPhone. Apple has encrypted users’ biometric data, so BrutePrint attacks cannot access the fingerprint database on the phone.

Yu Chen and Yiling He think that Google should implement encryption of all data exchanged between the fingerprint scanner and the processing chipset of Android smartphones. However, they also gave reassurance that the test was done on older Android phones, while new-generation high-end models are not easily penetrated.

Security Boulevard also said that newer Android users do not need to worry because the BrutePrint attack may not work effectively on Android phones that are updated to the latest security version.


