#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Unlock Screen Lock | Breaking Cybersecurity News | The Hacker News

New BrutePrint Attack Lets Attackers Unlock Smartphones with Fingerprint Brute-Force

New BrutePrint Attack Lets Attackers Unlock Smartphones with Fingerprint Brute-Force

May 29, 2023 Authentication / Mobile Security
Researchers have discovered an inexpensive attack technique that could be leveraged to brute-force fingerprints on smartphones to bypass user authentication and seize control of the devices. The approach, dubbed  BrutePrint , bypasses limits put in place to counter failed biometric authentication attempts by weaponizing two zero-day vulnerabilities in the smartphone fingerprint authentication (SFA) framework. The flaws, Cancel-After-Match-Fail (CAMF) and Match-After-Lock (MAL), leverage logical defects in the authentication framework, which arises due to insufficient protection of fingerprint data on the Serial Peripheral Interface (SPI) of fingerprint sensors. The result is a "hardware approach to do man-in-the-middle (MitM) attacks for fingerprint image hijacking," researchers Yu Chen and Yiling He  said  in a research paper. "BrutePrint acts as a middleman between fingerprint sensor and  TEE  [Trusted Execution Environment]." The goal, at its core, is to be
Hacker Rewarded $70,000 for Finding Way to Bypass Google Pixel Phones' Lock Screens

Hacker Rewarded $70,000 for Finding Way to Bypass Google Pixel Phones' Lock Screens

Nov 10, 2022
Google has resolved a high-severity security issue affecting all Pixel smartphones that could be trivially exploited to unlock the devices. The vulnerability, tracked as  CVE-2022-20465  and reported by security researcher David Schütz in June 2022, was remediated as part of the search giant's  monthly Android update  for November 2022. "The issue allowed an attacker with physical access to bypass the lock screen protections (fingerprint, PIN, etc.) and gain complete access to the user's device," Schütz, who was awarded $70,000 for the lock screen bypass,  said  in a write-up of the flaw. The problem, per the researcher, is rooted in the fact that lock screen protections are completely defeated when following a specific sequence of steps - Supply incorrect fingerprint three times to disable biometric authentication on the locked device Hot swap  the SIM card in the device with an attacker-controlled SIM that has a PIN code set up Enter incorrect SIM pin thric
How to Find and Fix Risky Sharing in Google Drive

How to Find and Fix Risky Sharing in Google Drive

Mar 06, 2024Data Security / Cloud Security
Every Google Workspace administrator knows how quickly Google Drive becomes a messy sprawl of loosely shared confidential information. This isn't anyone's fault; it's inevitable as your productivity suite is purposefully designed to enable real-time collaboration – both internally and externally.  For Security & Risk Management teams, the untenable risk of any Google Drive footprint lies in the toxic combinations of sensitive data, excessive permissions, and improper sharing. However, it can be challenging to differentiate between typical business practices and potential risks without fully understanding the context and intent.  Material Security, a company renowned for its innovative method of protecting sensitive data within employee mailboxes, has recently launched  Data Protection for Google Drive  to safeguard the sprawl of confidential information scattered throughout Google Drive with a powerful discovery and remediation toolkit. How Material Security helps organ
New iPhone Bug Gives Anyone Access to Your Private Photos

New iPhone Bug Gives Anyone Access to Your Private Photos

Oct 16, 2018
A security enthusiast who discovered a passcode bypass vulnerability in Apple's iOS 12 late last month has now dropped another passcode bypass bug that works on the latest iOS 12.0.1 that was released last week. Jose Rodriguez, a Spanish amateur security researcher, discovered a bug in iOS 12 in late September that allows attackers with physical access to your iPhone to access your contacts and photos. The bug was patched in iOS 12.0.1, but he now discovered a similar iPhone passcode bypass hack that works in 12.0.1 and is easier to execute than the bug Rodriguez discovered and reported two weeks ago. The new hack allows anyone with physical access to your locked iPhone to access your photo album, select photos and send them to anyone using Apple Messages. Since the new hack requires much less effort than the previous one, it leaves any iPhone user vulnerable to a skeptic or distrustful partner, curious college, friend or roommate who could access your iPhone's photo
cyber security

Uncover Critical Gaps in 7 Core Areas of Your Cybersecurity Program

websiteArmor PointCyber Security / Assessment
Turn potential vulnerabilities into strengths. Start evaluating your defenses today. Download the Checklist.
Hacker Finds a Simple Way to Bypass Android 5.x Lock Screen [Steps & Video]

Hacker Finds a Simple Way to Bypass Android 5.x Lock Screen [Steps & Video]

Sep 16, 2015
A Security researcher and hacker, named John Gordon , has found an easy way to bypass the security of locked smartphones running Android 5.0 and 5.1 (Build LMY48M). Many of us use various security locks on our devices like Pattern lock, PIN lock and Password lock in order to protect the privacy of our devices. However, a vulnerability could now allow anyone to take your Android smartphone ( 5.0 build LMY48I ) with locked screen, perform a " MAGIC TRICK " and as a result crash the user interface (UI) for the password screen and gain access to your device. The vulnerability, assigned CVE-2015-3860 , has been dubbed as " Elevation of Privilege Vulnerability in Lockscreen ". How the Attack Works? The secret behind the researcher's "MAGIC TRICK" is as follows: Get the device and open the Emergency dialer screen. Type a long string of numbers or special characters in the input field and copy-n-paste a long string continuously til
Cybersecurity Resources