It Only Takes A $15 Circuit Board To Bypass An Android Smartphone’s Fingerprint Security, According To Researchers
Fingerprint sensors on Android smartphones are likely the most common addition to these portable pieces of tech. While it is convenient that a single placement of a finger or thumb can grant the handset owner access to the device, there is a security risk involved. Some researchers have demonstrated that hijacking fingerprints stored on various devices running Android is possible through an inexpensive $15 circuit board.
The $15 circuit board is called BrutePrint by researchers, and it can take as little as 45 minutes to accumulate the stored fingerprints of an Android smartphone. To show that it works, these researchers tested it on 10 smartphones, two of which were the iPhone SE and the iPhone 7, while the remaining were high-end models running Google’s mobile OS and were a few years old.
BrutePrint comprises of an STM32F412 microcontroller from STMicroelectronics, a bidirectional, dual-channel analog switch called RS2117, an SD card with 8GB of internal memory, and a connector that connects the smartphone’s motherboard to the circuit board of a fingerprint sensor. BrutePrint exploits a vulnerability in Android smartphones that allows for unlimited fingerprint guesses, with the device getting unlocked as soon as the closest match is found in the database.
However, each Android smartphone is created differently, with Ars Technica reporting that the researchers found that it took anywhere from 40 minutes to 14 hours to unlock a handset. Of all the 10 models tested, the Galaxy S10 Plus took the least amount of time to unlock, ranging between 0.73-2.9 hours, whereas the Xiaomi Mi 11 Ultra took between 2.78-13.89 hours to unlock. The researchers had no success bypassing the security of the two iPhone models tested because iOS
Read more on wccftech.com
