To prevent unauthorized access, many cell phones can be secured with a fingerprint sensor. However, the researchers managed to flip this protective mechanism around — with the help of surprisingly inexpensive equipment.
Now standard in modern smartphones: the fingerprint sensor. Manufacturers claim that mobile phone owners can use it to store their devices Well protected against unauthorized access. Their argument: A fingerprint is much more individual than a multi-digit number code. In addition, the system blocks after a certain number of failed attempts, so that an unlimited number of unlock attempts is not possible. At the same time, unlocking with a fingerprint is much easier and faster than entering a PIN.
Sounds perfect – in theory. but in fact The protection measure can be bypassed. These reports “computer beep” Citing new investigation by Tencent Labs and Zhejiang University.
Apple devices still offer the best protection
Specifically, the researchers succeededAnd Intelligently exceed the built-in limit on allowed unlock attempts. To do this, they exploited two zero-day vulnerabilities called cancel-after-match-fail (CAMF) and match-after-lock (MAL). The result: the researchers received an infinite number of login attempts on Android and HarmonyOS devices; On the other hand, Apple devices did a little better, but here too the researchers managed to trick themselves into making an additional ten unlock attempts.
According to Bleeping Computer, three things are required for actual unlock attempts: physical access to the smartphone, a database of possible fingerprints – according to the portal, such databases are available for research purposes or for data leaks – and “$15 worth of equipment”.
uTo unlock the device faster, hackers will need to change the threshold of the fingerprint sensor at which it provides a matching fingerprint and unlocks the device.
additional is found Researchers It was found that in some cases, vital data stored on a smartphone was not sufficiently protected and could be intercepted or altered by a hacker. Also in this case, the tested Apple devices offered better protection.
The researchers needed between 2.9 and 13.9 hours to unlock a secured device with a single fingerprint. If multiple fingerprints are stored, this time period is reduced, as evidenced by the results.
Bleeping Computer warns that criminals or law enforcement agencies can use the described methods to gain access to mobile phones – against the will of their owners.
If you would like to read more about cybercrime and cyber security, Subscribe to the Swisscybersecurity.net newsletter here. On the portal you can read daily news about current threats and new defense strategies.
“Prone to fits of apathy. Zombie ninja. Entrepreneur. Organizer. Evil travel aficionado. Coffee practitioner. Beer lover.”