Security experts recommend that crypto users looking for a safer option should choose iPhone.
A recent study by Chinese scientists discovered a method called BrutePrint that makes it possible to unlock almost any fingerprint-protected smartphone based on Android.
This method allows the mobile lock to be unlocked by brute force attacks or by using a type of 'virtual fingerprint'.
You can read the abstract of this research article below.
Research Paper Title: BRUTEPRINT: Makes Fingerprint Authentication on Smartphones Vulnerable to Brute Force Attack
Research Paper Summary: Fingerprint authentication has become a common security measure on smartphones in addition to traditional password authentication. However, recent research has discovered a significant weakness in smartphone fingerprint authentication systems. In this article, we present a method called BRUTEPRINT that exposes smartphone fingerprint authentication to brute force attacks.
Our research reveals that current security measures, such as liveness detection and try limits, are insufficient to reduce the risks of brute force attacks in fingerprint authentication. BRUTEPRINT acts as an intermediary that enables successful brute force attacks on off-the-shelf smartphones by bypassing trial restrictions and capturing fingerprint images.
To achieve this, we exploit two zero-day exploits in the smartphone fingerprint authentication framework. By leveraging the simplicity of the SPI protocol, we successfully bypass liveness detection and testing limitations and enable the acceptance of fake fingerprints.
To validate our findings, we conduct a comprehensive evaluation of BRUTEPRINT on 10 representatively selected smartphones from the top 5 vendors and across a variety of apps such as screen lock, payment, and privacy. The results show that all tested smartphones except the iPhone are vulnerable to fingerprint brute force attacks. The shortest time to unlock a smartphone without prior knowledge of the victim is estimated to be 40 minutes.
As a result, we propose software and hardware mitigation measures to address the vulnerabilities uncovered by BRUTEPRINT and improve the security of smartphone fingerprint authentication systems.
BRUTEPRINT is a method that exposes smartphone fingerprint authentication to a brute force attack. This method allows the phone to be unlocked by breaking the lock system used in fingerprint-protected Android smartphones. Mobile unlocking is done using a brute force attack or virtual fingerprint.
A recent study by Chinese researchers revealed this method called BRUTEPRINT. This method manages to bypass the security measures used in fingerprint-protected smartphones. In particular, measures such as liveness detection and trial limiting are circumvented by BRUTEPRINT.
As a result of this study, security experts suggest that Android users should not worry about the security of their phones and should consider using an iPhone to ensure better security. Because iPhones may have security measures that can better protect against such brute force attacks.
Keywords: fingerprint authentication, brute force attack, smartphone security.
