This works against both Android and iPhone devices. However, Apple went to facial recognition a few generations ago, so you've got a much older iPhone if you're still using a fingerprint reader.
The attack is not quick and straightforward. It requires the attacker to have physical control of the device and can take hours to execute. But it is quite clever!
The phone is partially disassembled and a chip is mounted onto the system board. A memory card with a database of fingerprint data is part of this attack system. The basics of the attack are quite simple: while you and I may not have identical fingerprints as far as a fingerprint expert is concerned, they might be similar. This attack exploits a vulnerability in the system and "...manipulates the false acceptance rate (FAR) to increase the threshold so fewer approximate images are accepted."
Meaning that if your fingerprint is similar to mine, and yours is in this fingerprint database, through this system your fingerprint might unlock my phone!
Now, one thing the manufacturers did to prevent multiple attempts at unlocking phones was to code in a hard limit on how many unlock attempts you get. This system TRIPLES that limit!
Pretty darn clever.
Now here's the killer: the parts to make this are about $15.
And the database of fingerprints? Biometric database breaches. Not difficult to obtain.
https://arstechnica.com/information-technology/2023/05/hackers-can-brute-force-fingerprint-authentication-of-android-devices/
https://it.slashdot.org/story/23/05/24/0435205/brute-force-test-attack-bypasses-android-biometric-defense