In order to facilitate the use of users, most domestic mobile phones are equipped with fingerprint unlocking function as standard, and the mainstream solutions have three ways: capacitive unlocking, optical unlocking, and ultrasonic unlocking. The latest research has found that no matter which unlocking method has security vulnerabilities, Huawei HarmonyOS and Android system mobile phones can not be avoided, only need to use more than 100 devices to complete the crack, fingerprint unlock is really reliable?
According to media reports, researchers from Tencent Security Xuanwu Lab and Zhejiang University released a report proposing a new attack mode called "BrutePrint" that can control the device by brute-forcing the fingerprint on the phone. After cracking the phone, the researchers can take control of the phone with a device of about $15 (about 106 yuan), which is very simple.
Researchers have done research on this common device on the market, and did not announce the specific model, as long as 6 of them are Android mobile phones, 2 are Huawei Hongmeng mobile phones, and 2 are iPhone mobile phones. After testing, it was found that all of the above devices contain at least one vulnerability, and Apple is not as absolutely secure as imagined, researchers can crack iOS devices, but Apple has a mechanism to protect it.
Since Apple phones do not support fingerprint unlocking, can only be unlocked through Face ID and password, the brute force attack device mentioned above can not be effective, researchers on Apple devices 10 additional attempts, a total of 15 attempts, if the consecutive multiple cracking failures will be more stringent security protection of the phone. HarmonyOS and Android devices do not have such a protection mechanism, and researchers can hack the device an unlimited number of times until the phone is finally completely cracked and the phone takes control.
The researchers also reminded that whether it is a Huawei Hongmeng mobile phone running the HarmonyOS operating system, or a domestic mobile phone running the Android system, the difficulty of cracking fingerprint unlock is related to the number of fingerprints entered. When a user enters a fingerprint on the device, it takes researchers between 2.9~13.9 hours to crack, but when the user enters multiple fingerprints, the cracking time only takes 0.66~2.78 hours, because the possibility of generating matching images is exponential and growing, that is, the more fingerprints are entered on a mobile phone, the lower the difficulty of cracking.
Seeing this, some fruit fans may have a natural sense of superiority, thinking that iPhone phones are inherently safer than domestic ones, but this is not the case. This time, the researchers mainly cracked the fingerprint unlock of Hongmeng and Android mobile phones, because Apple does not support fingerprint unlocking, so it is not the target of the main crack. Apple's iOS system is also different from the other two major operating systems, researchers need to crack targeted, the first two years of this revelation, hackers can complete the iPhone permission takeover in a second, but need some preliminary work, for professional hackers Apple is not safer than Android phones, there is no absolutely safe mobile phone in the world.
Friends, what do you think hackers only need more than 100 yuan to crack the fingerprint unlock of Hongmeng and Android devices?