A recently executed studio Tencent Laboratories to Zhejiang University (via BeepingComputerbrought to light a new type of attack called the .Attack BrutePrint” can be used to breach the digital fingerprint recognition system on Android and iOS smartphones. Allowing another person to control the mobile device, superando le misure di sicurezza implemented in smartphones.

Come l’Attacco BrutePrint can be used to breach digital fingerprint recognition on Android and iOS smartphones

I researchers managed to escape a smartphone, limited the number of digital protection attempts, exploited the vulnerability due to the zero-day, come note Cancel-After-Match-Failed (CAMF) Post Lock Match (GOODS). According to the published whitepaper, the studios identified a gap in the management of previous biometrics of digital prints. Information for toggling in SPI end interface protector in inadeguato modeIt enables a man-in-the-middle attack (MITM) that can destroy digital images acquired on a mobile device.

Interface SPI (Serial Peripheral Interface) is a serial communication protocol widely used in electronics. This protocol was developed by Motorola in the 1980s. standard became de facto for digital device communication.

BrutePrint and SPI MITM attacks were tested on ten popular smartphone models, obtaining unlimited access attempts via digital fingerprint on all devices Android to Harmony OS Temporary devices for (Huawei) and other devices iOS. The purpose of BrutePrint is to play an unlimited number of digital fingerprint images sent to the target device until the fingerprint is considered valid and authorized to unlock the phone..

The BrutePrint vulnerability resides between the fingerprint sensor and the Trusted Execution Environment (TEE). This attack uses the first falla to manipulate detection mechanisms. If there is a data error that has not been digitized, these authentication process was interrupted in abnormal modeallows a potential attacker to have the potential to test the targeted digital device, allowing the false access temporary registration number to be searched.

At first glance, BrutePrint doesn’t seem like a terrible reason Required to extend a device. However, it cannot hinder the attention that the smartphone has had.