Author

Topic: BrutePrint: bypassing smartphone fingerprint protection (Read 75 times)

hero member
Activity: 546
Merit: 516
Fingerprint protection have been the most convenient security measures that is used by a good percentage of users in the digital space. So, if this turn out to be unreliable as suggested by this post,  then it becomes worrisome.

A link to the study of Yun Chen and Yiling He publication on bruteforcing will help us learn more about their discovery.
hero member
Activity: 2702
Merit: 716
Nothing lasts forever
I don't know and I am not sure if bruteforcing a finger print can actually work but I would NEVER recommend using it for payment related apps.
I never use fingerprint on my banking related apps or crypto apps.
While it might be difficult for a remote person to get our fingerprint I personally think it would be a lot easy for a person who is near to us to get hold of our fingerprint.
It's best to use a passphrase with alphanumeric characters and symbols for protection of payment related apps.
legendary
Activity: 1708
Merit: 1615
Payment Gateway Allows Recurring Payments
Android fingerprint protection isn’t that reliable after all: it can be brute-forced even without a copy of your fingerprint.

"Fingerprint recognition is believed to be a fairly secure authentication method. Publications on different ways to trick the fingerprint sensor do pop up now and again, but all the suggested methods one way or another boil down to physical imitation of the phone owner’s finger — whether using a silicone pad or conductive ink printout. This involves procuring a high-quality image of a finger — and not any finger, mind, but the one registered in the system.

In a nutshell, all these methods come with lots of real-world hassle. But is it possible to do it somehow more elegantly, without leaving the purely digital world and all its benefits? Turns out, it is: Chinese researchers Yu Chen and Yiling He recently published a study on how to brute-force almost any fingerprint-protected Android smartphone. They called the attack BrutePrint."

Do not use fingerprint protection for your crypto wallets on mobile.
Jump to: