Brute-force test attack bypasses Android biometric defense


Chinese researchers say they successfully bypassed fingerprint authentication safeguards on smartphones by staging a brute force attack.

Researchers at Zhejiang University and Tencent Labs capitalized on vulnerabilities of modern smartphone fingerprint scanners to stage their break-in operation, which they named BrutePrint. Their findings are published on the arXiv preprint server.

A flaw in the Match-After-Lock feature, which is supposed to bar authentication activity once a device is in lockout mode, was overridden to allow a researcher to continue submitting an unlimited number of fingerprint samples.

Read more…