
Researchers have discovered a cheap attack method that can be used to brute force a smartphone’s fingerprints to bypass user authentication and take control of the device.
The approach, called BrutePrint, exploits two zero-day vulnerabilities in the smartphone fingerprint authentication (SFA) framework to circumvent the restrictions put in place to limit failed biometric authentication attempts.
The flaws, Cancel-After-Match-Fail (CAMF) and Match-After-Lock (MAL), exploit logical defects in the authentication framework that stem from insufficient protection of fingerprint data on the fingerprint sensor's serial peripheral interface (SPI).
The result is a “hardware approach to conduct man-in-the-middle (MitM) attacks for fingerprint image hijacking,” researchers Yu Chen and Yiling He said in a research paper. “BrutePrint acts as an intermediary between the fingerprint sensor and the TEE [Trusted Execution Environment].”
The essential goal is to allow an unlimited number of fingerprint image submissions until a match is made. The attack assumes, however, that the threat actor already has physical possession of the target device.
Additionally, the attacker needs a fingerprint database and a setup consisting of a microcontroller board and an auto-clicker that can hijack the data sent by the fingerprint sensor; the hardware needed to carry out the attack costs as little as $15.
CAMF is the first of the two vulnerabilities that enable this attack. It abuses the system's fault-tolerance handling: by disabling the checksum on the fingerprint data, a failed attempt is cancelled rather than counted, giving the attacker unlimited attempts.
MAL, on the other hand, uses a side channel to infer whether a fingerprint image matched on the target device, even after repeated login attempts have put it into lockout mode.
“The lockout mode is further checked with Keyguard, disabling unlocking, but the authentication result is created by the TEE,” the researchers explained.
“If a matching sample is found, a successful authentication result is returned immediately, so it is possible to infer the result from behaviors such as response time or the number of images retrieved in a side-channel attack.”
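To make the two logic flaws concrete from a defender's point of view, the following toy model is an added example; it is not code from the paper or from any vendor's fingerprint framework, and the attempt threshold, the checksum scheme and the enrolled templates are constructed assumptions. The "vulnerable" configuration reproduces CAMF (a frame whose checksum fails is cancelled before the lockout counter sees it) and MAL (matching still runs in lockout, so the amount of work done, a stand-in for response time, depends on whether the sample matched). The "hardened" configuration counts every frame and does no matching at all once locked.

```python
"""Toy model of a smartphone fingerprint attempt limiter (constructed example).

Not the paper's code nor any vendor's SFA framework. It models the two logic
flaws described in the article and their fix:
  * CAMF: a frame with a bad checksum is "cancelled" before the lockout
    counter sees it, so corrupting frames never exhausts the attempt budget.
  * MAL:  matching still runs while the device is locked out; the early
    return on a hit makes the work done (a proxy for response time) depend
    on whether the sample matched, even though the unlock is refused.
The hardened configuration counts every frame and does no matching in lockout.
"""
from dataclasses import dataclass
import hashlib

MAX_ATTEMPTS = 5  # assumed lockout threshold for this toy model


def checksum(image: bytes) -> bytes:
    """Integrity tag the sensor path attaches to a frame (toy: truncated SHA-256)."""
    return hashlib.sha256(image).digest()[:4]


@dataclass
class Sample:
    image: bytes
    tag: bytes  # tag as received by the TEE; corruptible on the SPI bus


def make_sample(image: bytes, corrupt_tag: bool = False) -> Sample:
    tag = checksum(image)
    if corrupt_tag:
        tag = bytes(b ^ 0xFF for b in tag)  # deliberately invalid checksum
    return Sample(image, tag)


@dataclass
class Authenticator:
    enrolled: list                 # enrolled templates (toy: exact byte equality)
    count_invalid_frames: bool     # False reproduces the CAMF flaw
    match_while_locked: bool       # True reproduces the MAL flaw
    failures: int = 0
    comparisons: int = 0           # proxy for observable work / response time

    def locked(self) -> bool:
        return self.failures >= MAX_ATTEMPTS

    def authenticate(self, sample: Sample) -> str:
        """Return 'match', 'no_match', 'cancelled' or 'locked'."""
        was_locked = self.locked()
        if was_locked and not self.match_while_locked:
            return "locked"                      # hardened: no work at all in lockout
        if checksum(sample.image) != sample.tag:
            if self.count_invalid_frames:
                self.failures += 1               # hardened: cancelled frames still count
            return "cancelled"                   # CAMF: otherwise never counted
        for template in self.enrolled:
            self.comparisons += 1
            if template == sample.image:
                # MAL: result computed even in lockout; Keyguard withholds the
                # unlock, but the early return already leaked the hit as less work
                return "locked" if was_locked else "match"
        self.failures += 1
        return "locked" if was_locked else "no_match"


def feed(auth: Authenticator, samples: list) -> list:
    """Submit samples in order and return the per-sample results."""
    return [auth.authenticate(s) for s in samples]


def probe_work(auth: Authenticator, sample: Sample) -> tuple:
    """Return (result, comparisons performed) for one submission; the second
    value is what a timing observer would see, the first is what the UI shows."""
    before = auth.comparisons
    result = auth.authenticate(sample)
    return result, auth.comparisons - before


ENROLLED = [b"finger-A", b"finger-B", b"finger-C"]  # constructed templates


def vulnerable() -> Authenticator:
    return Authenticator(list(ENROLLED), count_invalid_frames=False, match_while_locked=True)


def hardened() -> Authenticator:
    return Authenticator(list(ENROLLED), count_invalid_frames=True, match_while_locked=False)


if __name__ == "__main__":
    # CAMF: 20 corrupted frames never lock the vulnerable model but lock the hardened one
    junk = [make_sample(b"guess-%d" % i, corrupt_tag=True) for i in range(20)]
    v, h = vulnerable(), hardened()
    feed(v, junk); feed(h, junk)
    print("CAMF  vulnerable locked:", v.locked(), " hardened locked:", h.locked())

    # MAL: drive both into lockout with valid but wrong frames, then compare the work
    wrong = [make_sample(b"guess-%d" % i) for i in range(MAX_ATTEMPTS)]
    v, h = vulnerable(), hardened()
    feed(v, wrong); feed(h, wrong)
    for name, auth in (("vulnerable", v), ("hardened", h)):
        hit = probe_work(auth, make_sample(b"finger-A"))
        miss = probe_work(auth, make_sample(b"nope"))
        print(f"MAL   {name}: hit={hit} miss={miss}")
```

The point of the model is the two checks a framework has to get right in the same place: the lockout counter must be incremented before any path that can abort an attempt, and once locked the matcher must not run at all, so that the only observable is a constant "locked" response.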
In the experimental setup, BrutePrint was evaluated against 10 smartphone models from Apple, Huawei, OnePlus, OPPO, Samsung, Xiaomi and vivo, achieving unlimited trials on the Android and HarmonyOS devices and 10 additional trials on the iOS devices.
The findings arrive alongside research from a group of academics detailing hybrid side channels that take advantage of the “three-way trade-off between execution speed (i.e. frequency), power consumption, and temperature” in modern system-on-chips (SoCs) and GPUs to mount “browser-based pixel-stealing and history-sniffing attacks” against Chrome 108 and Safari 16.2.
Dubbed “Hot Pixels,” the attack leverages this behavior to fingerprint websites and, using JavaScript code, gather a user's browsing history.
This is achieved by designing a computationally intensive SVG filter that leaks pixel colors through render-time measurements, covertly harvesting the information with an accuracy as high as 94%.
This issue has been acknowledged by Apple, Google, AMD, Intel, Nvidia, and Qualcomm. The researchers also recommend “prohibiting the application of SVG filters to iframes and hyperlinks” to prevent unauthorized access to sensor readings.
The BrutePrint and Hot Pixels research also follows Google’s discovery of 10 security flaws in Intel’s Trust Domain Extensions (TDX) that could lead to arbitrary code execution, denial-of-service conditions, and loss of integrity.
In a related development, Intel CPUs have also been found to be susceptible to a side-channel attack that exploits variations in execution time caused by changing the EFLAGS register during transient execution, allowing data to be decoded without relying on the cache.