This is BrutePrint, the technique that allows you to bypass fingerprint protection and unlock smartphones

Smartphone with fingerprint sensor. – UNSPLASH

September 21 –

One of the most widely used security protections in smartphones, considered one of the most reliable, is unlocking by fingerprint; however, this measure can be threatened by BrutePrint, a technique capable of brute-forcing devices protected by this biometric identification method, especially those running the Android operating system.

Fingerprints are a virtually unique characteristic of each person and, in addition, they are a physical factor that does not change over time. All of this makes it possible to use them as a precise identification method linked to each person and, therefore, they have become a safe and reliable barrier for different issues, including unlocking the security factors of smartphones or other devices.

As a result, biometric identification through fingerprint recognition is a system commonly used in any smart mobile device as the main access barrier to unlock it, which has made it a recurring target for cybercriminals, who usually try to bypass this security measure to access the system and carry out malicious actions.

Thus, some attempts to deceive the fingerprint sensor are based on the physical imitation of the finger of the person who owns the phone. For example, a team of hackers from Chaos Computer Club (CCC) managed to circumvent this technology by photographing the fingerprint on a glass surface and creating a mold from the fingerprint to fool the system.

However, these methods are not entirely effective because they require physical measurements and are often complex. This can be seen in the case mentioned above, which requires obtaining a high-quality image of the finger.

THE BRUTEPRINT METHOD

These difficulties are not present in BrutePrint, a technique discovered last year by researchers Yu Chen, from the technology company Tencent, and Yiling He, from the University of Zhejiang (China), who came up with a method with which they can force almost any fingerprint-protected smartphone.

Specifically, BrutePrint is capable of decrypting the authentication fingerprint used to unlock the device’s screen, as well as performing other sensitive actions once they access the smartphone’s system.

Roughly speaking, as reported by experts from cybersecurity companies such as Kaspersky and Panda Security, it is based on a system that, on the one hand, triggers a brute force attack that tests a large number of fingerprints until finding one that matches well enough to unlock the device.

This is because the sensors built into smartphones are not entirely accurate. In fact, according to Kaspersky, this varies depending on factors such as the type of sensor, its size, its resolution and other issues such as the image comparison and post-processing algorithms.

This attack also exploits vulnerabilities in the fingerprint authentication system of the device in question. To find them, the researchers looked for flaws in the implementation of the fingerprint sensor in Android smartphones and found that none of the models tested encrypted the communication channel between the sensor and the system.

Furthermore, this technique does not require as much precision as when trying to authenticate a password. With the password, it is necessary that it exactly matches the data stored in the system. But in fingerprint authentication, a slight margin is allowed.

BrutePrint also takes advantage of this, since it manipulates the False Acceptance Rate (FAR) to increase the margin of error. Therefore, for this system to work, it is enough that the image of the fingerprint entered is an approximation of the original fingerprint.

All in all, this BrutePrint technique can authenticate an unlimited number of fingerprints and, depending on the fingerprints stored for authentication on the device in question, it can take between 40 minutes and 14 hours to unlock it.

The tests of this system were carried out on ten models of popular Android, HarmonyOS and iOS smartphones. As a result, all models were brute-forced on at least one occasion. However, Android devices were more likely to fall prey to this attack.

MODUS OPERANDI

To carry out the attack, physical access to the device in question is required. This is because, as detailed by the researchers, to execute this technique it is necessary to remove the back cover of the smartphone and connect a printed circuit board. This board has a database of fingerprints with which authentication against the system will be attempted.

Once the board is connected, the database needs to be converted into a formatted fingerprint dictionary so that it is able to work with the specific fingerprint sensor used by the phone you want to force.

After this, an attempt is made to unlock the system using the fingerprints in the database and increasing the False Acceptance Rate, in order to be able to test as many fingerprints as possible until gaining access.

DIFFERENCES BETWEEN BRUTEPRINT ON ANDROID AND IOS

Specifically, to modify the FAR rate on Android devices, BrutePrint can add a checksum error to the fingerprint data, thereby causing the protection system to not record failed attempts, resulting in infinite attempts.

However, the Touch ID system on iPhone devices was more resistant to BrutePrint attacks. As detailed by the researchers, this is because Apple does encrypt the communication between the fingerprint sensor and the rest of the system. Therefore, it is more difficult to both intercept and test fingerprints to try to force the unlocking system.

However, the study notes that iPhones are more vulnerable to False Acceptance Rate (FAR) manipulations, as it was found that it was easier to increase the number of possible fingerprint recognition attempts. It should be noted that, even so, while the number of attempts on Android is unlimited, on iOS it could only be increased from 5 to 15 more attempts.
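An added example, not code from the researchers or from any vendor: a simplified Python model of the attempt counter described above for Android, with a limiter that does not record attempts ending in a checksum error next to one that counts every non-matching outcome. The class, the outcome names and the threshold of 5 failures are assumptions made for the illustration.

```python
from dataclasses import dataclass

MAX_FAILURES = 5  # assumed lockout threshold for this model

# Outcomes reported for one submitted sample (hypothetical names).
MATCH, NO_MATCH, CHECKSUM_ERROR = "match", "no_match", "checksum_error"


@dataclass
class AttemptLimiter:
    count_errors: bool  # False: errors are not recorded; True: fail closed
    failures: int = 0
    locked: bool = False

    def submit(self, outcome: str) -> bool:
        """Return True only when the sample unlocks the device."""
        if self.locked:
            return False  # nothing is accepted once locked out
        if outcome == MATCH:
            self.failures = 0
            return True
        # The flawed variant treats a corrupted sample as "not an attempt",
        # so the failure counter never advances for it.
        if outcome == NO_MATCH or self.count_errors:
            self.failures += 1
            if self.failures >= MAX_FAILURES:
                self.locked = True
        return False


def attempts_before_lockout(limiter, outcomes):
    """Feed outcomes in order; return the attempt number that triggered
    lockout, or None if the limiter never locked."""
    for n, outcome in enumerate(outcomes, 1):
        limiter.submit(outcome)
        if limiter.locked:
            return n
    return None


# Constructed input: 1000 samples that all arrive with a checksum error.
SAMPLE = [CHECKSUM_ERROR] * 1000

if __name__ == "__main__":
    print("errors ignored:", attempts_before_lockout(AttemptLimiter(False), SAMPLE))
    print("errors counted:", attempts_before_lockout(AttemptLimiter(True), SAMPLE))
```

Counting every outcome other than a match, transport and integrity errors included, is what keeps the attempt budget finite in this model.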
