Android phones are vulnerable to a new form of hacking.
A group of security researchers has recently developed a new tool that could unlock an Android phone and perform other sensitive actions in less than an hour.
Interestingly, the researchers discovered that their newly developed tool doesn't work on iOS devices, particularly iPhones.
Android Phone Security Vulnerability Details
Two security researchers from Tencent and China's Zhejiang University recently created a new attack that allegedly could unlock an Android phone, and even perform actions that require biometric confirmation, in as little as 45 minutes.
According to a report from Ars Technica, Yu Chen of Tencent and Yiling He of Zhejiang University developed the tool in question and named it BrutePrint. It is an "inexpensive" attack that exploits a vulnerability in Android's smartphone fingerprint authentication (SFA) systems that allows unlimited fingerprint guesses.
The researchers call the attack inexpensive because its core equipment is a $15 circuit board carrying four components: an STM32F412 microcontroller from STMicroelectronics, an RS2117 bidirectional, dual-channel analog switch, an 8GB SD flash card, and a board-to-board connector that links the phone's motherboard to the flexible printed circuit of the fingerprint sensor.
The attack is as brutish as its name suggests: it submits huge numbers of fingerprint guesses, relying on the weaknesses described above to sidestep the attempt limit, until one works. Not every phone is affected equally, though; some take far longer (as long as 14 hours) to unlock with the tool.
How quickly the tool succeeds depends on several factors, such as a phone's fingerprint authentication framework and the number of fingerprints enrolled on it for authentication. The attack also requires physical control of the device.
According to Android Authority, a Samsung Galaxy 10 Plus smartphone was unlocked fastest by BrutePrint, while a Xiaomi Mi 11 took the longest (2.78 to 13.89 hours).
Another interesting finding was that iPhones resisted the attack because iOS encrypts the data while Android doesn't. Whether the researchers could build a tool that decrypts the data stored on an iPhone so that BrutePrint could be applied is still unclear.
Preventative Measures Against Something Like BrutePrint
Yu Chen and Yiling He propose a few fixes for Google or Android users to implement. These include several software or hardware changes designed to mitigate BrutePrint attacks, and checking for CAMF exploits to prevent attempt-limiting bypasses.
They also recommend setting an additional limit on error cancels, and preventing adversary-in-the-middle attacks by encrypting the data passing between the fingerprint sensor and the device processor. Lastly, they advise making fingerprint acquisition behave consistently regardless of the matching result, so that the result cannot be inferred from the sensor's behaviour.
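The two attempt-limit fixes above (count cancelled attempts, cap error cancels) are easiest to see in a small model. The following is an added example, not code from the BrutePrint paper or from Android: a toy attempt gate in front of a fingerprint matcher, with a weak mode in which a match failure whose frame fails its integrity check is cancelled without being counted, and a hardened mode in which every submitted frame counts and error cancels have their own cap. The lockout thresholds, the byte-string "templates" and the checksum flag are all constructed here; real devices use different values and a real matcher.

```python
"""Toy model of a fingerprint attempt limiter, showing why error-cancelled
attempts must count toward the lockout.

Added example; not code from the BrutePrint paper or from Android. All
thresholds, template bytes and the checksum flag are constructed.
"""
from dataclasses import dataclass
from typing import List, Tuple

MAX_FAILED_MATCHES = 5   # assumed lockout threshold; real devices differ
MAX_ERROR_CANCELS = 5    # extra cap on error cancels, as proposed (value assumed)

# Constructed enrolled template and a constructed guess dictionary in which the
# matching template sits at position 18, i.e. well past the lockout threshold.
ENROLLED_TEMPLATE = b"template-17"
CANDIDATES: List[bytes] = [f"template-{i:02d}".encode() for i in range(20)]


@dataclass
class SensorFrame:
    """One fingerprint image as delivered over the sensor-to-processor link."""
    template: bytes
    checksum_ok: bool  # False models a frame whose integrity check fails


@dataclass
class AttemptGate:
    """Attempt limiter in front of the matcher.

    count_cancels=False reproduces the weak behaviour: a failed match whose
    frame fails its checksum is cancelled and never counted.
    count_cancels=True applies the proposed fixes: every frame is counted
    before matching, and error cancels have their own cap.
    """
    count_cancels: bool
    failed_matches: int = 0
    error_cancels: int = 0
    locked: bool = False

    def submit(self, frame: SensorFrame) -> str:
        if self.locked:
            return "locked"

        if self.count_cancels and not frame.checksum_ok:
            # Hardened path: a frame that fails integrity is rejected before the
            # matcher sees it, counts as an attempt, and is tracked separately.
            self.failed_matches += 1
            self.error_cancels += 1
            if (self.failed_matches >= MAX_FAILED_MATCHES
                    or self.error_cancels >= MAX_ERROR_CANCELS):
                self.locked = True
                return "locked"
            return "cancelled"

        # Matcher runs on the delivered bytes (timing is not modelled here).
        if frame.template == ENROLLED_TEMPLATE:
            self.failed_matches = 0
            return "match"

        if not frame.checksum_ok:
            # Weak path: cancel after match-fail, lockout counter untouched.
            return "cancelled"

        self.failed_matches += 1
        if self.failed_matches >= MAX_FAILED_MATCHES:
            self.locked = True
            return "locked"
        return "no_match"


def run_guessing(gate: AttemptGate, candidates: List[bytes],
                 corrupt_checksum: bool) -> Tuple[str, int]:
    """Feed candidates in order; return the first terminal outcome and how
    many frames were submitted before it."""
    submitted = 0
    for template in candidates:
        submitted += 1
        outcome = gate.submit(SensorFrame(template, checksum_ok=not corrupt_checksum))
        if outcome in ("match", "locked"):
            return outcome, submitted
    return "exhausted", submitted


if __name__ == "__main__":
    for label, gate, corrupt in [
        ("weak gate, honest frames   ", AttemptGate(count_cancels=False), False),
        ("weak gate, corrupted frames", AttemptGate(count_cancels=False), True),
        ("hardened gate, corrupted   ", AttemptGate(count_cancels=True), True),
    ]:
        print(label, run_guessing(gate, CANDIDATES, corrupt))
```

With honestly delivered frames the weak gate locks after five failures, as intended; once every frame is delivered with a bad checksum, the same gate never counts a failure and the whole dictionary can be walked until the enrolled template is hit. The hardened gate locks after five frames either way, which is the property the researchers' proposed limit on error cancels is meant to restore.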
"The unprecedented threat needs to be settled in cooperation of both smartphone and fingerprint sensor manufacturers, while the problems can also be mitigated in OSs," the researchers wrote. "We hope this work can inspire the community to improve SFA security."