Android biometric safeguards fail to withstand brute-force attack

A team of Chinese scientists has bullied its way past fingerprint authentication protections on smartphones, exposing significant vulnerabilities, reports TechXplore.

The operation, conducted by researchers at Zhejiang University and Tencent Labs, was codenamed “Bruteprint: Expose Smartphone Fingerprint Authentication to Brute-force attack.” The attack exposed a weakness in the phones’ lockout features (Match After Lock, or MAL), gained the team easy access to biometric fingerprint data stored on the devices or acquired through online databases, and circumvented Cancel-After-Match-Fail (CAMF), a …

android attack authentication biometric biometric-authentication biometrics news brute brute-force brute-force attack chinese consumer electronics exposed exposing fail features fingerprint fingerprint biometrics fingerprint recognition labs lockout pen testing phones reports researchers safeguards smartphone smartphones team tencent university vulnerabilities weakness