Fingerprint Unlocking
BrutePrint works by exploiting two vulnerabilities in the way that smartphones authenticate fingerprints.
The first vulnerability, called Cancel-After-Match-Fail (CAMF), allows the attacker to bypass the limit on the number of failed fingerprint attempts. The second vulnerability, called Match-After-Lock (MAL), allows the attacker to submit fingerprint images even after the device has been locked.
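The effect of these two flaws on the attempt limit can be modelled with a limiter that counts only completed failures and keeps matching during lockout, next to one that charges every attempt before matching and rejects input while locked. This is an added example, not code from the BrutePrint research or from any vendor. The `Limiter` class, the `MAX_FAILS` value of 5 and the `cancel_after_fail` flag are assumptions made for illustration.

```python
"""Model of a fingerprint attempt limiter (constructed for illustration)."""
from dataclasses import dataclass

MAX_FAILS = 5  # assumed lockout threshold; not a value from the article


@dataclass
class Limiter:
    hardened: bool
    fails: int = 0
    evaluated: int = 0  # samples the matcher actually compared

    def locked(self) -> bool:
        return self.fails >= MAX_FAILS

    def submit(self, matches: bool, cancel_after_fail: bool = False) -> str:
        """Process one sample and return the outcome seen by the caller."""
        if self.hardened and self.locked():
            return "rejected"      # MAL fix: nothing reaches the matcher in lockout
        if self.hardened:
            self.fails += 1        # CAMF fix: charge the attempt before matching
        self.evaluated += 1
        if matches:
            self.fails = 0         # a genuine match clears the counter
            return "unlocked"      # weak model honours this even while locked
        if cancel_after_fail:
            return "cancelled"     # weak model: the attempt ends uncounted
        if not self.hardened and not self.locked():
            self.fails += 1        # weak model counts only completed failures
        return "failed"


def guess_budget(limiter: Limiter, samples: int, cancel: bool) -> int:
    """Feed non-matching samples; return how many the matcher evaluated."""
    for _ in range(samples):
        limiter.submit(matches=False, cancel_after_fail=cancel)
    return limiter.evaluated


if __name__ == "__main__":
    for hardened in (False, True):
        n = guess_budget(Limiter(hardened), 100, cancel=True)
        print(f"hardened={hardened}: matcher evaluated {n} of 100 samples")
```

The number returned by `guess_budget` is the figure a design review should look at: it should never exceed the attempt limit, whatever mix of failed and cancelled attempts is submitted.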
To carry out the BrutePrint attack, the attacker first needs physical access to the target device. With that access, they can use hardware that costs around $15 to inject fake fingerprint images into the device.
The fake fingerprint images are generated using a database of fingerprints that the attacker has obtained from academic datasets, biometric data leaks, or other sources.
Fake Fingerprint Unlocking
Once the attacker has injected the fake fingerprint images into the device, they can start the BrutePrint attack. The attack works by submitting fake fingerprint images to the device one at a time. If one of the attacker's fake fingerprint images matches a fingerprint that is stored on the device, the device will unlock.
The BrutePrint attack can be used to unlock any device that uses fingerprint authentication. However, the attack is more effective on devices that have multiple fingerprint records stored on them. This is because the attacker has a better chance of guessing the correct fingerprint if there are more fingerprints to choose from.
The BrutePrint attack is a serious security threat to devices that use fingerprint authentication. However, there are a few things that users can do to protect themselves from the attack. These include:
Using a strong fingerprint pattern or PIN
Enabling fingerprint lock on sensitive apps and features
Keeping their device’s software up to date
Being careful about who they let borrow their device
By taking these precautions, users can help to protect themselves from the BrutePrint attack and other fingerprint hacking attacks.