Fingerprint readers were incorporated as an effective and practical unlocking system for smartphones, to prevent third parties from accessing stored data. However, it is possible to defeat them.
BrutePrint is a technique discovered in 2024 by researchers Yu Chen, from the technology company Tencent, and Yiling He, of Zhejiang University (China).
They managed to force their way into almost any protected smartphone by cracking the authentication fingerprint used to unlock the device screen, in an average of 45 minutes.
How does BrutePrint work?
The technique tries fingerprints one after another until it finds one similar to the one registered on the device.
The back cover of the smartphone must be removed and a printed circuit board connected; the board contains a database of fingerprints with which authentication will be attempted.
The BrutePrint technique can attempt authentication with an unlimited number of fingerprints. Depending on the fingerprints stored on the device for authentication, unlocking can take between 40 minutes and 14 hours.
According to the firms Kaspersky and Panda Security, this is possible because smartphone sensors (physical or integrated into the screen) are not entirely accurate.
They are limited by factors such as their size, their resolution and the algorithms that process the image and compare it with the stored record.
In addition, a flaw found by specialists in various Android devices is that the communication channel between the sensor and the system is not encrypted.
Unlike password cracking, which must reproduce the key exactly, fingerprint matching only requires an approximate image of the original.
Thus, BrutePrint can manipulate the False Acceptance Rate (FAR) to exploit the margin of error.
What are the differences with iPhone?
On Android devices, BrutePrint can trigger a checksum error in the fingerprint data to disable the protection system, which then does not record failed attempts.
On iPhone devices, which run iOS, the Touch ID system is more resistant to BrutePrint attacks.
The tests on Apple devices revealed that the brand does encrypt communication between the fingerprint sensor and the rest of the system, which makes it more difficult to unlock the device using the BrutePrint technique.
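The attempt-limit weakness described above for Android can be shown with a small Python toy model. This is an added example, not code from the researchers, Android or any vendor. It contrasts a limiter that counts a failure only after matching completes with one that charges the attempt before the sensor data is parsed, so a checksum error cannot skip the count. The frame format, the limit of 5 and all names are assumptions made for illustration.

```python
import zlib

MAX_FAILURES = 5  # assumed lockout threshold, not taken from any real device

class LockedOut(Exception):
    pass

def make_frame(payload: bytes) -> bytes:
    # Constructed frame format: payload followed by its CRC32.
    return payload + zlib.crc32(payload).to_bytes(4, "big")

def parse_frame(frame: bytes) -> bytes:
    payload, crc = frame[:-4], frame[-4:]
    if zlib.crc32(payload).to_bytes(4, "big") != crc:
        raise ValueError("checksum error")
    return payload

class AttemptLimiter:
    # count_first=False models the weak design, True the hardened one.
    def __init__(self, enrolled: bytes, count_first: bool):
        self.enrolled, self.count_first, self.failures = enrolled, count_first, 0

    def attempt(self, frame: bytes) -> bool:
        if self.failures >= MAX_FAILURES:
            raise LockedOut()
        if self.count_first:
            self.failures += 1  # fail closed: charged before any parsing
        try:
            payload = parse_frame(frame)
        except ValueError:
            return False  # weak design: this exit leaves the counter untouched
        if payload == self.enrolled:  # exact compare stands in for a real matcher
            self.failures = 0
            return True
        if not self.count_first:
            self.failures += 1
        return False

def attempts_before_lockout(limiter, frame: bytes, cap: int = 1000):
    # Number of attempts accepted before lockout, or None if never locked out.
    for n in range(cap):
        try:
            limiter.attempt(frame)
        except LockedOut:
            return n
    return None
```

In the hardened form only a successful match resets the counter, so every sample the sensor channel delivers, well-formed or not, consumes one of the allowed attempts.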
Source: Ambito