BrutePrint attack on FP

I just wanted to post a heads-up on the recent buzz around BrutePrint, which is an attack on the fingerprint sensors of some phones, where it can be bypassed in a relatively short time if the attacker has physical access to the phone.

In particular, it shows that Android is particularly vulnerable because the fingerprint database is not encrypted.

I’m wondering what people make of this in a FP context, and if it is feasible to encrypt the fingerprint database with the current codebase.

3 Likes

Haven’t read the full report, but I see mostly in-display scanners. I also read some fixes were already released, but didn’t confirm it myself.

And there is this option (with still no spaces in those sentences, maybe they will fix that with the FP5, dunno :nerd_face:).

1 Like

It’s in-display fingerprint readers because that’s what’s used in most devices now. They do exploit the actual scanner by soldering to it; the puck you see on one of the pictures isn’t the exploit and is labeled as an auto-clicker.
I see no reason why the FP4 wouldn’t be affected.

That setting won’t help either:

BrutePrint acts as an adversary in the middle between the fingerprint sensor and the trusted execution environment and exploits vulnerabilities that allow for unlimited guesses.

And, as mentioned by @KjetilK, there’s also this …

The ability of BrutePrint to successfully hijack fingerprints stored on Android devices but not iPhones is the result of one simple design difference: iOS encrypts the data, and Android does not.

… so yeah, completely fixing this would probably require significant changes to the proprietary bits, I’m not getting my hopes up …

1 Like

I see also old iPhones indeed, they still have a similar sensor as the FP4. So it’s not only in-display sensors indeed. I haven’t read the report or dived into the other sources, so can’t really comment further on it.

Yeah, nice, let just anyone ruin your phone/data and factory reset it by trying a mere few times. Duh.

No one is forcing you to use it, that’s not the default :man_shrugging:

It’s a great option to reset the phone when in distress, just clumsily use the wrong finger a few times when forced to unlock it and the data is gone.

2 Likes

Bet your cat, turtle, squirrel or toddler will be able to hose your phone just as well ;p

Again, it’s an option, you don’t have to use it but it’s there for a reason.
If you don’t get why people might need it, good for you.

Anyways, this topic is about whether the fingerprint sensor is exploitable, so let’s get back to that topic, shall we.

4 Likes

Since I’m a bit paranoid and was afraid my fingerprints might get stolen, I never did use the fingerprint sensor before.
And see what? I was right with that!

1 Like

The attack still requires the attacker to have physical access to your phone, at which point I wouldn’t trust the FP4’s stock security model anyway, bootloader accepting test keys etc.

From what I’ve read about the exploit (and I might be completely wrong here) it seems the problem is the data not being encrypted in transit, the fingerprints should still be stored in the TPM which isn’t easily accessible :thinking:

Regardless, I’d agree, fingerprints aren’t a safe form of authentication, but they haven’t been before either.
An identifier that isn’t changeable is always a bad idea.
But there are still cases where they can be useful.

3 Likes

I can’t imagine the fingerprint is kept as an image; it’s a data string of some pattern. Another device will have a different pattern.

For starters, Apple uses a similar solution and if you have an older model with a fingerprint sensor you’re just as safe using it as you were before. The same goes for older Samsung phones that launched pre-Marshmallow and used Samsung’s own methods.

The way Google stores your fingerprint data is the most secure way possible with current tech. It’s also fascinating how simple the overview of the whole thing is once you have a look at it.
How does Android save your fingerprints? | Android Central

Android requires your fingerprint data to be secured with a unique key, and you can’t take it to another phone or reuse it for another user.

Your fingerprints don’t “get stolen” in this attack. They’re still in the TEE. @KjetilK did not sum that up correctly from how I read the article.
What the article says is that it’s possible to have unlimited guesses using a large database of other known fingerprints until one of them matches closely enough to unlock. The unlimited guesses are in turn only possible because communication between fingerprint reader and TEE can be manipulated because it’s unencrypted.

7 Likes

Indeed, fingerprints are stored as hashes, and a hash of the scanned finger is compared to them.

That being said, fingerprints are not, I repeat, not a secure solution. Not only can they easily be stolen and/or faked, they are quite impossible to change, and the system managing them on your phone/laptop is a bunch of shortcuts and compromises.
(For the record, the exploits the OP mentions can easily bypass the limit on failed attempts simply by not completing them… which allows brute-forcing the fingerprint.)

Anyway, hacking doesn’t happen like you see it in the movies: Here is what actually happens… :grin:
So obviously the security of your fingerprints is irrelevant… Fingerprints only help keeping nosy colleagues/spouses/kids at bay, anything more determined will get through.

2 Likes
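The two posts above describe the same mechanism from different angles: the attempt limit is enforced by a counter that only advances when a failed comparison is fully reported back, so an adversary-in-the-middle on the sensor link who drops or corrupts every failure result gets unlimited guesses from a dictionary of templates. The simulation below, an added example that is not from the thread, the BrutePrint paper or any vendor's firmware, models exactly that ordering flaw beside the hardened ordering. The 8-integer "templates", the tolerance-based compare (standing in for the fuzzy similarity score a real matcher computes), the lockout threshold of 5, and the dictionary contents are all constructed assumptions.

```python
"""Toy model of a fingerprint attempt counter that can be bypassed by an
adversary-in-the-middle who aborts attempts before the failure is recorded.
Constructed simulation; no real sensor protocol or vendor code is involved."""

from dataclasses import dataclass

Template = tuple[int, ...]

# Assumptions for the toy matcher: a template is 8 small ints, two templates
# "match" if their element-wise distance is within MATCH_TOLERANCE, and the
# device locks after MAX_FAILED recorded failures.
MATCH_TOLERANCE = 2
MAX_FAILED = 5
ENROLLED: Template = (5,) * 8          # constructed enrolled template


def distance(a: Template, b: Template) -> int:
    return sum(abs(x - y) for x, y in zip(a, b))


class AbortedAttempt(Exception):
    """The failure result never reached the party that counts attempts."""


@dataclass
class Matcher:
    enrolled: Template
    count_before_compare: bool         # True = hardened ordering
    failed: int = 0
    locked: bool = False

    def authenticate(self, sample: Template, mitm_drops_failures: bool = False) -> str:
        if self.locked:
            return "locked"
        if self.count_before_compare:
            # Hardened ordering: commit the attempt to the counter before the
            # comparison runs, so an aborted attempt still costs a try.
            self.failed += 1
        if distance(sample, self.enrolled) <= MATCH_TOLERANCE:
            self.failed = 0
            return "ok"
        if self.count_before_compare and self.failed >= MAX_FAILED:
            self.locked = True
        # The failure result crosses the sensor<->TEE link here. An
        # adversary-in-the-middle can corrupt or drop it so the attempt
        # never "completes" from the counter's point of view.
        if mitm_drops_failures:
            raise AbortedAttempt
        if not self.count_before_compare:
            # Weak ordering: only a *delivered* failure is counted.
            self.failed += 1
            if self.failed >= MAX_FAILED:
                self.locked = True
        return "fail"


def build_dictionary() -> list[Template]:
    """Constructed attacker dictionary: 30 decoys that never match ENROLLED
    (each decoy uses 8 distinct digits, so its distance is at least 16),
    followed by one near-match."""
    decoys = [tuple((3 * i + 7 * j) % 10 for j in range(8)) for i in range(30)]
    return decoys + [(5, 5, 5, 5, 5, 5, 5, 6)]


def brute_force(matcher: Matcher, dictionary: list[Template]) -> tuple[str, int]:
    """Replay the dictionary through the sensor link, dropping every failure
    result. Returns (outcome, number of attempts sent)."""
    for n, candidate in enumerate(dictionary, start=1):
        try:
            outcome = matcher.authenticate(candidate, mitm_drops_failures=True)
        except AbortedAttempt:
            continue                    # counter untouched, keep guessing
        if outcome in ("ok", "locked"):
            return outcome, n
    return "exhausted", len(dictionary)


def simulate(hardened: bool) -> tuple[str, int]:
    matcher = Matcher(enrolled=ENROLLED, count_before_compare=hardened)
    return brute_force(matcher, build_dictionary())


if __name__ == "__main__":
    print("weak ordering:    ", simulate(hardened=False))   # ("ok", 31)
    print("hardened ordering:", simulate(hardened=True))    # ("locked", 6)
```

With the weak ordering the counter stays at zero through 30 dropped failures and the 31st candidate unlocks; with the hardened ordering the same adversary is locked out after five attempts, because the count is committed before the comparison and nothing the link carries afterwards can undo it. The practical check this suggests is the one the thread circles around: whatever sits between sensor and matcher, the attempt limit has to be enforced on the trusted side and advanced before the result is ever sent out.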

Wow. How is that not encrypted? So bad by Google. What are the details?

Hi and welcome to the forum.

So what isn’t encrypted?

The way Google stores your fingerprint data is the most secure way possible with current tech. It’s also fascinating how simple the overview of the whole thing is once you have a look at it.
How does Android save your fingerprints? | Android Central

Android requires your fingerprint data to be secured with a unique key, and you can’t take it to another phone or reuse it for another user.

1 Like

Reading the replies now rather than knee-jerk (sorry), the data is safely stored in the TEE, which is encrypted and isolated. Phew. Looks like, according to one person who read about the hack, it’s the removal of the 15-attempts limit that’s the issue. Thank you for sharing.

1 Like

ATTENTION - wild conspiracy theory ahead:

After several security holes have been traced back to intelligence agencies, I would not be surprised if this security hole was intentionally built in, or at least intentionally not fixed. :smile:

The point of BrutePrint is to better interface the Covid vaccine microchips with the 5G signal… :smiling_imp:

That being said, if somebody here is interested in the actual paper (as opposed to 3rd- and 4th-party rumors):

2 Likes

(Sadly) some services (like the e-services of the Austrian government) do not work without using the fingerprint module. :man_shrugging:

1 Like
