Google could certainly specify, via the CCD, that sensor data must be encrypted on its way to the AP's TEE (Application Processor Trusted Execution Environment) to qualify for "Class 2" biometric authentication, which is the minimum required for biometrics that integrate with Android apps. There is no excuse for that, even seven years ago. The bigger problem: even in 2016, encrypting data between the sensor & AP TEE should've been obvious.

According to Wikipedia, it is still receiving critical security updates (iOS 15.7.5 was released on April 10, 2023). But the tested iPhone 7 wasn't even updated to iOS 15. None of these are generally seen as "old" devices to me, except the OnePlus 5T and the iPhone 7. Why think specifically the Android phones were old? The iPhone 7 is even older and yet remained immune to this brute-force attack.

Notwithstanding that all the articles about this I've seen bury the fact that the Android phones are old and have Android 11 as the newest version in the bunch, and iPhones as well, this part did surprise me and I think warrants explanation:

Here's the workflow of these systems, which are typically abbreviated as SFAs.

BrutePrint overview

BrutePrint is an inexpensive attack that allows people to unlock devices by exploiting various vulnerabilities and weaknesses in smartphone fingerprint authentication systems. The attack exploits vulnerabilities and weaknesses in the device SFA (smartphone fingerprint authentication). The objective: to gain the ability to perform a brute-force attack that tries huge numbers of fingerprint guesses until one is found that will unlock the device.
Researchers have devised a low-cost smartphone attack that cracks the authentication fingerprint used to unlock the screen and perform other sensitive actions on a range of Android devices in as little as 45 minutes.

Dubbed BrutePrint by its creators, the attack requires an adversary to have physical control of a device when it is lost, stolen, temporarily surrendered, or unattended, for instance, while the owner is asleep.