May 26, 2023 21:23
Researchers at Zhejiang University in China have shown that, using an applied version of the so-called brute-force attack, even a $15 tool can break through the fingerprint authentication of a considerable number of Android smartphones.
Two zero-day vulnerabilities
According to the researchers, fingerprint authentication can be broken because of two zero-day vulnerabilities, “Cancel-After-Match-Fail (CAMF)” and “Match-After-Lock (MAL)”.
The method used by the researchers at Zhejiang University is called BrutePrint. All you need to run it is $15 or so of hardware, access to a fingerprint database (either from a university, lab, or otherwise leaked), and plenty of time.
In a nutshell (it is actually a bit more complicated), the hardware accesses the fingerprint database and simply searches for fingerprints that can unlock the phone.
Fingerprint authentication on iPhone SE and iPhone 7 could not be broken
Eight Android smartphone models, plus the iPhone SE and iPhone 7, were used for the experiment. These 10 models are known to have at least one of the two vulnerabilities mentioned above.
For security reasons, the researchers did not disclose which smartphone fingerprint scanners they actually cracked, but it seems that the BrutePrint attack could unlock a smartphone with only one fingerprint registered in 2.9 hours to 13.9 hours.
It is easier when multiple fingerprints are registered: unlocking then takes 0.66 to 2.78 hours.
On the other hand, despite the fact that iPhone SE and iPhone 7 also have the “Cancel-After-Match-Fail (CAMF)” vulnerability, in this experiment it was not possible to break through their fingerprint authentication.
Source: Bleeping Computer
(lunatic)