A recent study conducted by Tencent Labs e Zhejiang University (via BeepingComputer) brought to light a new type of attack, called “BrutePrint attack“, which can be used to hack the fingerprint recognition system on Android and iOS smartphones. This attack allows you to take control of another person's mobile device, overcoming the security measures implemented on smartphones.
How the BrutePrint Attack can be used to hack the fingerprint recognition system on Android and iOS smartphones
At the end of the treatment they succeeded to circumvent smartphone defenses, such as limits on the number of fingerprint recognition attempts, by exploiting two zero-day vulnerabilities, known as Cancel-After-Match-Fail (CAMF) and Match After Lock (MAL). According to the published technical paper, scholars have identified a gap in the management of fingerprint biometric data. The information that passes through the SPI interface is inadequately protected, enabling a man-in-the-middle (MITM) attack that can hijack captured fingerprint images on the mobile device.
The interface SPI (Serial Peripheral Interface) is a synchronous serial communication protocol widely used in electronics. This protocol was developed by Motorola in the 80s and is become a de facto standard for communication between digital devices.
Read also: Xiaomi wants to revolutionize the unlocking of the smartphone with fingerprint
BrutePrint and SPI MITM attacks were tested on ten popular smartphone models, resulting in unlimited fingerprint login attempts on all devices Android e HarmonyOS (Huawei) and ten more attempts on devices iOS. The goal of BrutePrint is to perform an unlimited number of fingerprint image sends to the target device until the fingerprint is recognized as valid and authorized to unlock the phone.
The BrutePrint vulnerability is located between the fingerprint sensor and the Trusted Execution Environment (TEE). This attack exploits a flaw to manipulate the detection mechanisms. By entering an error in the fingerprint data, the authentication process is terminated abnormally, allowing potential attackers to test fingerprints on the target device without it logging the number of failed login attempts.
At first glance, BrutePrint might not seem like a formidable attack due to the need for prolonged access to the device. However, this thing should not weaken the attention of smartphone owners.
