Researchers have devised a low-cost smartphone attack that cracks the authentication fingerprint used to unlock the screen and perform other sensitive actions on a range of Android devices in as little as 45 minutes.
Dubbed BrutePrint by its creators, the attack requires an adversary to have physical control of a device when it is lost, stolen, temporarily surrendered, or unattended, for instance, while the owner is asleep. The objective: to gain the ability to perform a brute-force attack that tries huge numbers of fingerprint guesses until one is found that will unlock the device. The attack exploits vulnerabilities
→ Continue reading at Ars Technica