is an HTML element used to define a section of a webpage that can be styled and manipulated separately from the rest of the page. However, in a recent study, researchers discovered that hackers can use a $15 circuit board to brute-force a fingerprint reader on Android smartphones. This is possible because fingerprint authentication uses a reference threshold instead of a direct match between the input and stored data. The BrutePrint attack manipulates the false acceptance rate (FAR) to increase the threshold, allowing for more matches. It exploits vulnerabilities in the fingerprint authentication framework of smartphones, allowing for unlimited guesses.
The BrutePrint attack involves removing the back cover of the device and attaching the circuit board with the fingerprint database loaded in the flash storage. The adversary then converts the database into a fingerprint dictionary that matches the specific sensor used by the targeted phone. The dictionary is inputted into the targeted phone, bypassing the attempt limiting protection that locks the phone after a set number of failed login attempts. The attack can take between 40 minutes and 14 hours, depending on the model of the smartphone.
The study found that the attack was successful on Android devices but not iPhones because iOS encrypts the data, while Android does not. The researchers also discovered two zero-day vulnerabilities in the smartphone fingerprint authentication framework, called CAMF and MAL, which exploit logic bugs in the authentication process. CAMF invalidates the checksum of transmitted fingerprint data, and MAL infers matching results through side-channel attacks.
In conclusion, the
element is a useful tool for designing webpages, but it is important to be aware of the vulnerabilities that exist in technology. The BrutePrint attack highlights the need for better security measures in smartphone fingerprint authentication frameworks. It is essential to encrypt data and fix logic bugs to prevent brute-force attacks and protect sensitive information. As technology advances, it is crucial to remain vigilant and implement robust security measures to stay ahead of hackers.