Risk: | high |
Damage: | high |
Platform(s): | Android OS |
Advisory ID: | ngCERT-2023-0012 |
Version: | N/A |
CVE: | N/A |
Published: | July 24, 2023 |
A new method of bypassing user authentication on smartphones running the Android, HarmonyOS, and iOS operating systems has been discovered. Its discoverers, Tencent Labs and Zhejiang University, have dubbed the method 'BrutePrint' because it uses brute-force attacks against modern smartphone authentication mechanisms, such as fingerprints, to bypass user authentication and take control of the device.
By exploiting what they claim are two zero-day vulnerabilities, namely Cancel-After-Match-Fail (CAMF) and Match-After-Lock (MAL), the researchers were able to circumvent existing safeguards on smartphones, such as attempt limits and liveness detection, which protect against brute-force attacks. However, the attacker requires physical access to the device, as well as specialized but relatively inexpensive hardware, to conduct this attack. The attacker aims to continuously submit fingerprint images, obtained from data leaks or fingerprint databases sold on the dark web, to the target device until one matches. The attacker also manipulates the False Acceptance Rate (FAR) to raise the acceptance threshold and speed up the matching process. This gave unlimited fingerprint unlock attempts on Android and HarmonyOS devices, but only 10 on iOS devices.
Sensitive and personal data can be stolen from compromised devices. Furthermore, once a threat actor has accessed a device, they can install malware, such as a Trojan, to establish persistence.
To avoid falling prey to such attacks, one must: