Fake fingerprints can be used to unlock some Android phones, according to Yu Chen from Tencent and Ling He from Zhejiang University.
Researchers have discovered that two 0-day vulnerabilities found in the fingerprint authentication framework of almost all smartphones can be exploited to unlock Android devices.
The attack is called BrutePrint. It requires a $15 board with a microcontroller, analog switch, and SD flash card. The attacker also needs possession of the victim’s smartphone for at least 45 minutes, as well as a fingerprint database.
The researchers looked at eight Android phones — Xiaomi Mi 11 Ultra, Vivo X60 Pro, OnePlus 7 Pro, OPPO Reno Ace, Samsung Galaxy S10+, OnePlus 5T, Huawei Mate30 Pro 5G, and Huawei P40 — and two iPhones — the iPhone SE and iPhone 7.
Smartphones allow a limited number of fingerprint attempts, but BrutePrint can exceed that limit. The fingerprint authentication process does not require an exact match between the captured input and the stored value; instead, a reference threshold determines what counts as a match. A malicious user can take advantage of this by trying different inputs until one closely resembles the one stored in the fingerprint database.
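The Python sketch below puts numbers on why the attempt limit matters for a threshold-based matcher. It is an added example, not code from the researchers or from any phone vendor; the false-accept rate, the score threshold and the `AttemptLimiter` class are constructed assumptions.

```python
import math

def cumulative_false_accept(far: float, attempts: int) -> float:
    """Chance that at least one of `attempts` independent non-matching
    samples clears the threshold, given a per-attempt false-accept rate."""
    return 1.0 - (1.0 - far) ** attempts

def attempts_for_probability(far: float, target: float) -> int:
    """Smallest attempt count whose cumulative acceptance reaches `target`."""
    return math.ceil(math.log(1.0 - target) / math.log(1.0 - far))

class AttemptLimiter:
    """Lockout counter that charges the attempt before the matcher result
    is looked at, so an aborted or errored sample still counts."""

    def __init__(self, max_failures: int = 5):
        self.max_failures = max_failures
        self.failures = 0

    def authenticate(self, score, threshold: float) -> str:
        if self.failures >= self.max_failures:
            return "locked"
        self.failures += 1                  # charge first, refund only on success
        if score is not None and score >= threshold:
            self.failures = 0
            return "accepted"
        return "rejected"                   # includes score=None (aborted sample)

if __name__ == "__main__":
    FAR = 1 / 50_000                        # constructed value, not a vendor figure
    for n in (5, 1_000, 100_000):
        print(f"{n:>7} attempts -> {cumulative_false_accept(FAR, n):.4%}")
    print("attempts for 50%:", attempts_for_probability(FAR, 0.5))

    limiter = AttemptLimiter(max_failures=3)
    # Constructed similarity scores; None models a sample that never completed.
    for score in (0.41, None, 0.63, 0.97):
        print(score, "->", limiter.authenticate(score, threshold=0.90))
```

With an enforced limit the cumulative acceptance chance stays close to the per-attempt rate; once the limit can be exceeded, it grows toward certainty with the number of tries.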
The attacker would need to remove the back cover of the phone to attach the $15 board and perform the attack. The researchers were able to unlock all eight Android phones using this method. Once the phone is unlocked, it can be used to authorize payments.
This particular method does not work on iPhones because iOS encrypts the data.