1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • This brute-force fingerprint attack could break into your Android

    From TechnologyDaily@1337:1/100 to All on Mon May 22 19:45:04 2023
    This brute-force fingerprint attack could break into your Android phone

    Date:
    Mon, 22 May 2023 18:34:24 +0000

    Description:
    With enough time, and access to the device, there's a way to break into
    locked Android phones.

    FULL STORY ======================================================================

    There is a way to brute-force fingerprints on Android devices and with physical access to the smartphone , and enough time, a hacker would be able
    to unlock the device, a report from cybersecurity researchers at Tencent Labs and Zhejiang Unversity has claimed.

    As per the report, there are two zero-day vulnerabilities present in Android devices (as well as those powered by Apples iOS and Huaweis HarmonyOS),
    called Cancel-After-Match-Fail (CAMF) and Match-After-Lock (MAL).

    By abusing these flaws, the researchers managed to do two things: have
    Android allow an infinite number of fingerprint scanning attempts; and use databases found in academic datasets, biometric data leaks, and similar.
    Cheap hardware

    To pull the attacks off, the attackers needed a couple of things: physical access to an Android-powered smartphone, enough time, and $15 worth of hardware.

    The researchers named the attack BrutePrint, and claim that for a device that only has one fingerprint set up, it would take between 2.9 and 13.9 hours to break into the endpoint. Devices with multiple fingerprint recordings are significantly easier to break into, they added, with the average time for brute-printing being between 0.66 hours and 2.78 hours. Read more

    Over 50 Chinese apps banned in fresh crackdown by the Indian government


    Windows 11 now has much better protection against brute-force attacks



    Keep your business safe with the best endpoint protection for small
    business

    The researchers ran the test on ten popular smartphone models, as well as a couple of iOS devices. We dont know exactly which models were vulnerable, but they said that on Android and HarmonyOS devices, they managed to achieve infinite tries. For iOS devices, however, they only managed to get an extra ten attempts on iPhone SE and iPhone 7 models, which is not enough to successfully pull off the attack. Thus, the conclusion is that while iOS
    might be vulnerable to these flaws, the current method of breaking into the device via brute force wont suffice.

    While this type of attack might not be that attractive to the regular hacker, it could be used by state-sponsored actors and law enforcement agencies, the researchers concluded. Check out the best firewalls right now

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/this-brute-force-fingerprint-attack-could-break -into-your-android-phone


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)