According to the related paper, the researchers exploited two zero-day vulnerabilities: Cancel-After-Match-Fail (CAMF) and Match-After-Lock (MAL).
An example of implementing automatic fingerprint brute force using a suppressable attack board, a hardware auto-clicker, and an optional action board. Image source: arXiv (2023). DOI: 10.48550/arxiv.2305.10791
The Match-After-Lock flaw lies in a feature that was supposed to disable authentication activity while the device is in lockdown mode; once the researchers had defeated it, they could continue to submit an unlimited number of fingerprint samples. In addition, the protection of biometric data on the fingerprint sensor's serial peripheral interface (SPI) is insufficient, enabling attackers to steal fingerprint images. Samples can also be easily obtained from academic datasets or biometric data leaks.
The researchers tested 10 devices: 6 Android phones, 2 Huawei HarmonyOS (Hongmeng) phones, and 2 iPhones.
According to the test results, all Android devices and one HarmonyOS device have at least one vulnerability that allows intrusion. Due to the stricter defenses in iOS devices, especially the Apple iPhone SE and iPhone 7, these devices are able to withstand brute-force attempts. The researchers noted that iPhone devices are vulnerable to the CAMF vulnerability, but not to the point where an attacker can successfully get in.
It is worth mentioning that, according to the experimental data, when a user enrolls multiple fingerprints on a device, the time required for brute force drops significantly. This is related to the higher probability that a submitted image matches one of several enrolled fingerprints.
Therefore, it is best not to enroll multiple fingerprints on a mobile phone unless necessary.