Security News > 2023 > May > Brute-Forcing a Fingerprint Reader

Unlike password authentication, which requires a direct match between what is inputted and what's stored in a database, fingerprint authentication determines a match using a reference threshold.

As a result, a successful fingerprint brute-force attack requires only that an inputted image provides an acceptable approximation of an image in the fingerprint database.

BrutePrint acts as an adversary in the middle between the fingerprint sensor and the trusted execution environment and exploits vulnerabilities that allow for unlimited guesses.

In a BrutePrint attack, the adversary removes the back cover of the device and attaches the $15 circuit board that has the fingerprint database loaded in the flash storage.

The adversary then must convert the database into a fingerprint dictionary that's formatted to work with the specific sensor used by the targeted phone.

CAMF exploits invalidate the checksum of transmitted fingerprint data, and MAL exploits infer matching results through side-channel attacks.

News URL

https://www.schneier.com/blog/archives/2023/05/brute-forcing-a-fingerprint-reader.html