Fingerprint sensors are no longer secure on cell phones

New research suggests that fingerprint-only smartphones may not be as secure as they used to be. This process is known as a security risk bruteprint, a brute force access system. It is carried out by Yu Chen Ying HeeChinese researchers are working Tencent and Zhejiang University. According to the study, this technique allows fingerprint authentication to be breached on smartphones, especially Android devices.

The concern is that it does not require a copy of the device owner’s fingerprint. The process begins by exploiting the lack of encryption in the communication channel between the fingerprint sensor and the smartphone system. Using a device to intercept and simulate sensor signals, real fingerprint images are transmitted, selected and modified by artificial intelligence. Thus, two specific vulnerabilities are exploited in this type of security:

1.- Cancel-After-Match-Fail (CAMF): This process allows you to restart a series of authentication attempts without locking the device

2.- Match-After-Lock (MAL): If the device is locked due to multiple failed attempts, the system still allows fingerprint images to be sent, making it easier to collect information about valid fingerprints.

According to Yu Chen Ying Hee, the time required to execute a successful attack varies from 2.9 to 13.9 hours for a device with a single registered fingerprint. On devices with the largest number of registered fingerprints (typically five), the time is significantly reduced, between 0.66 and 2.78 hours.

It’s worth mentioning, they also tried other methods on the devices appleWhich, although slow, eventually manages to have unlocked effects.

Through: archive

Author’s Note: I still use keys with numbers, I think the password is less easy to decipher because of all the figures that exist for them. We will have to wait and see if the phone makers manage to find a solution.