10 device tests reveal fingerprint recognition security flaws iOS system is independent of brute force cracking

News on May 23: Recently, researchers from Tencent Security Xuanwu Lab and Zhejiang University jointly discovered a vulnerability that poses a high threat to Android and Hongmeng systems.

According to their research, this vulnerability can bypass the limit on the number of mobile phone fingerprint recognitions, allowing attackers to submit an unlimited number of fingerprint images and use brute force to crack the fingerprint recognition system.

Researchers revealed the technical details of this vulnerability in a related paper. They successfully cracked it by discovering two zero-day vulnerabilities, Cancel-After-Match-Fail (CAMF) and Match-After-Lock (MAL), as well as insufficient protection in the serial peripheral interface of the fingerprint sensor. Mobile phone fingerprint recognition system.

According to ITBEAR technology information, the researchers used 10 different devices to conduct cracking tests, including 6 Android phones, 2 Huawei Hongmeng phones, and 2 iPhones .

The test results show that all test devices have flaws in the security of fingerprint recognition, but only the iOS system will not be affected by unlimited brute force cracking.

It is worth noting that according to experimental data analysis, when users enter multiple fingerprints on one device, the time required for brute force cracking is significantly reduced, which is related to the increased probability of multiple fingerprints generating matching images. .

Therefore, unless necessary, we recommend that you avoid entering multiple fingerprint information on your mobile phone to improve the security of fingerprint recognition.

Regarding the discovery of this vulnerability, researchers from Tencent Security Xuanwu Lab and Zhejiang University have provided detailed technical reports to relevant system manufacturers and developers, and are working with them to fix this vulnerability to ensure Users’ personal information and device security.

Although the progress of vulnerability fixes has not yet been announced, we expect relevant manufacturers to take quick action and release patches in a timely manner to protect users from potential security risks.

The above is the detailed content of 10 device tests reveal fingerprint recognition security flaws iOS system is independent of brute force cracking. For more information, please follow other related articles on the PHP Chinese website!