A group of Chinese academics have devised a new attack method they dubbed “BrutePrint” that can bypass user authentication on modern smartphones by brute-forcing fingerprints.
The BrutePrint attack exploits two logic weaknesses in the fingerprint authentication flow: Cancel-After-Match-Fail (CAMF), in which an attempt that is cancelled after the match has already failed is never counted against the attempt limit, and Match-After-Lock (MAL), in which the device keeps running the matcher during lockout and the outcome can still be inferred. Together they allow an attacker to bypass the attempt-limiting and lockout measures that are supposed to make guessing infeasible.
The researchers also found that fingerprint data transmitted over the sensor's Serial Peripheral Interface (SPI) is susceptible to man-in-the-middle (MITM) attacks because it is neither encrypted nor authenticated, so an attacker tapping the bus can intercept fingerprint images and inject their own.
The technique requires the attacker to have physical access to the target device, access to a fingerprint database, and equipment costing around $15.
According to the researchers, BrutePrint needs between 2.9 and 13.9 hours to unlock a device with one enrolled fingerprint. Experiments on ten Android and iOS devices showed that every Android device could be subjected to an unlimited number of attempts, while the iPhones resisted the brute-force attack, in part because iOS encrypts fingerprint data on the SPI bus, which defeats the image injection.
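To make the two logic flaws concrete, the following is an added toy model written for this page; it is not the researchers' code or any vendor's firmware, and the frame format, the one-byte checksum, the attempt limit of 5 and the candidate "fingerprints" are all constructed assumptions. `VulnerableAuth` shows why CAMF and MAL work: it only counts a failure on the clean "match failed" path, so a frame whose checksum is invalidated after the match is discarded without touching the counter, and it keeps matching while locked. `HardenedAuth` consumes an attempt for every submitted frame before any matching, rejects corrupt frames up front, and does nothing at all during lockout.

```python
"""Toy model of the CAMF and MAL weaknesses next to a hardened authenticator.
Constructed for illustration; not vendor or researcher code."""

MAX_FAILS = 5  # assumed attempt limit before lockout


def frame(payload: bytes, corrupt: bool = False) -> bytes:
    """Build a sensor frame: payload followed by a one-byte additive checksum.
    corrupt=True flips the checksum, the way the MITM board does for CAMF."""
    cs = sum(payload) & 0xFF
    return payload + bytes([cs ^ 0xFF if corrupt else cs])


def checksum_ok(f: bytes) -> bool:
    return (sum(f[:-1]) & 0xFF) == f[-1]


class VulnerableAuth:
    """Counts a failure only on the clean 'match failed' path and keeps
    matching while locked: the two behaviours BrutePrint abuses."""

    def __init__(self, enrolled: bytes):
        self.enrolled, self.fails, self.locked = enrolled, 0, False

    def _match(self, f: bytes) -> bool:
        return f[:-1] == self.enrolled  # stand-in for the real matcher

    def verify(self, f: bytes) -> str:
        if self.locked:
            # MAL: the matcher still runs during lockout and its outcome is observable
            return "locked-match" if self._match(f) else "locked-nomatch"
        if self._match(f):
            return "ok"
        if not checksum_ok(f):
            # CAMF: a checksum error raised after the failed match is treated as a
            # transport error and the attempt is dropped without being counted
            return "error"
        self.fails += 1
        self.locked = self.fails >= MAX_FAILS
        return "fail"


class HardenedAuth:
    """Every submitted frame consumes an attempt, corrupt frames are rejected
    before matching, and nothing is matched while locked."""

    def __init__(self, enrolled: bytes):
        self.enrolled, self.fails, self.locked = enrolled, 0, False

    def _match(self, f: bytes) -> bool:
        return f[:-1] == self.enrolled

    def verify(self, f: bytes) -> str:
        if self.locked:
            return "locked"  # no matcher run, so no result to leak
        self.fails += 1  # count before any processing: cancellation cannot undo it
        self.locked = self.fails >= MAX_FAILS
        if not checksum_ok(f):
            return "error"  # still counted as an attempt
        if self._match(f):
            self.fails, self.locked = 0, False
            return "ok"
        return "fail"


def brute_force(auth, candidates):
    """Attacker loop over a candidate database, sending every frame with a
    corrupted checksum (the CAMF trick). Returns (attempts used, unlocked?)."""
    for i, c in enumerate(candidates, 1):
        if auth.verify(frame(c, corrupt=True)) == "ok":
            return i, True
    return len(candidates), False


def lockout_leak(auth_cls, enrolled):
    """Drive the device into lockout with clean wrong frames, then probe it with
    the enrolled print and a wrong print to see whether the result leaks (MAL)."""
    a = auth_cls(enrolled)
    for i in range(MAX_FAILS):
        a.verify(frame(b"wrong-%d" % i))
    return a.verify(frame(enrolled)), a.verify(frame(b"wrong-x"))


# Constructed candidate database; the enrolled print sits at index 15.
CANDIDATES = [b"print-%02d" % i for i in range(20)]
ENROLLED = CANDIDATES[15]

if __name__ == "__main__":
    print("vulnerable:", brute_force(VulnerableAuth(ENROLLED), CANDIDATES))
    print("hardened:  ", brute_force(HardenedAuth(ENROLLED), CANDIDATES))
    print("MAL leak, vulnerable:", lockout_leak(VulnerableAuth, ENROLLED))
    print("MAL leak, hardened:  ", lockout_leak(HardenedAuth, ENROLLED))
```

Against `VulnerableAuth` the attacker walks the whole database with the failure counter stuck at zero and unlocks on the 16th frame; against `HardenedAuth` the same loop burns its five attempts on corrupt frames and then only ever sees "locked". The fix that matters is where the attempt is counted: on submission, before the matcher or any checksum path can cancel it, and with the matcher never invoked while locked.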