BrutePrint. I wrote about the Android risk last week…

…and I am going to start the week off with the Android risk! BrutePrint!

This is only research at the moment, but what starts off in the lab can migrate to the wild once threat actors know what to look for!

A new brute-force attack on Android fingerprint biometric security has been demonstrated by researchers at Tencent Labs and Zhejiang University. The attack, called BrutePrint, bypasses that security and allows threat actors to gain control of the device.

Android phones are vulnerable to fingerprint brute-force attacks (bleepingcomputer.com)

Here is the paper which includes an interesting diagram that describes the attack and the systems bypassed:

BRUTEPRINT: Expose Smartphone Fingerprint Authentication to Brute-force Attack (arxiv.org)

Tuesday Update

New AhRat Android malware hidden in app with 50,000 installs (bleepingcomputer.com)

But Google is taking action with a new bug bounty programme aimed at Android apps:

Google launches bug bounty program for its Android applications (bleepingcomputer.com)

Clive Catton MSc (Cyber Security) – by-line and other articles

Further Reading

The Android Risk – Smart Thinking Solutions