
Wednesday, 24 October 2018

FINGERPRINT TECHNOLOGY OF MOBILE






Recent advances in smartphone technologies have enabled users to perform various tasks on their smartphones. These tasks include not only simple ones such as playing mobile games and surfing the web, but also more critical ones, in particular those dealing with private information and financial data. Therefore, a reliable mechanism is required to verify the identity of a person who tries to use the device. However, traditional secret knowledge-based solutions such as passwords, numeric PINs, and pattern locks have security issues such as password guessing attacks, brute-force attacks, and shoulder-surfing attacks. They also have usability issues, because a user must memorize some information and perform a cumbersome log-on task such as typing a password or drawing a pattern. To address these issues, fingerprint recognition is now being used in many smartphones, for example, iPhone 5s, Galaxy S5, and VEGA Secret Note. Fingerprint recognition is used both for unlocking a smartphone and for activating other security-critical functionalities in the smartphone, for example, approving transactions in financial applications.

Therefore, it is crucial to secure the fingerprint recognition service against possible threats such as intercepting a fingerprint image between an image sensor and a fingerprint recognition application, or stealing the fingerprint data stored in a smartphone. Unfortunately, some of the currently deployed devices do not seem sufficiently safe against those threats. In this paper, we disclose the vulnerabilities in the fingerprint recognition service of VEGA Secret Note by analyzing the service application, and demonstrate possible attacks against this service. (The VEGA series is one of the earliest smartphones with fingerprint recognition service, which is prior to recent popular ones such as iPhone 5s and Galaxy S5. The vulnerabilities were found on the device with Android 4.2.2 as of April 2014. We reported these two vulnerabilities to the vendor. The second vulnerability was already addressed through a patch, and the vendor commented that the first vulnerability will also be addressed in the upcoming version.) VEGA Secret Note is an Android-based smartphone with a Qualcomm Snapdragon CPU (Krait 400), 3 GB RAM, and a 5.9-inch IPS touch display. It is equipped with an FPC fingerprint sensor on its back.




Our first attack enables a malicious application to acquire the fingerprint image of the owner of the victimized smartphone by accessing the memory space that the fingerprint recognition service application uses to temporarily store the image. In a nutshell, this attack exploits a design flaw in the service application that violates the principle of least privilege for access control. To be precise, when a client application requests the service application to perform fingerprint authentication, the service application activates a component which deals with the image of a scanned fingerprint. This component has been ill-designed so that it calls back an event handler in the client application with a reference to the memory location containing this image. As a result, the malicious client application can obtain the bitmap image by letting the component be activated and handling the event raised by that component.

Our second attack extracts a stored template from the nonvolatile memory and restores fingerprint feature points by decoding the template. By identifying and analyzing a fingerprint service application on the target device, we identified the location of the stored template. In addition, we discovered that the template was encrypted, but the key and initialization vector (IV) are hard-coded and are the same for all devices. This design results in a vulnerability in which a malicious user may be successfully authenticated if he or she overwrites a template with another template copied from his or her own device. In addition, by analyzing the structure of the decrypted template file, we were able to restore all feature points constituting the fingerprint template. This implies that a template carefully forged according to the file structure may also pass the authentication test.

Although we concentrated on a specific device in conducting our experiments, the technical flaws we have found in this device are a common trap that developers may fall into. Therefore, we suggest a few possible countermeasures to mitigate those vulnerabilities. We expect that the findings we obtained through our analysis may be used as a general guideline to design a secure biometric verification service on smartphones.
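One possible countermeasure for the shared key and IV described above, as an added example that is not code from the paper or the vendor: derive the template-protection key from a secret unique to each handset, so a template file copied from another device fails verification. The sketch models protection with an HMAC-SHA256 tag only (encryption is omitted), and `GLOBAL_KEY`, `FOREIGN_TEMPLATE`, `device_key`, `seal`, `open_sealed` and `swapped_template_accepted` are hypothetical names with constructed values.

```python
import hashlib
import hmac
import os

# Constructed stand-ins; neither value comes from the device analysed on the page.
GLOBAL_KEY = b"constructed-key-identical-on-every-handset"
FOREIGN_TEMPLATE = b"constructed minutiae record enrolled on another handset"
TAG_LEN = 32  # SHA-256 output size


def device_key(device_secret: bytes) -> bytes:
    """Derive a template key from a secret unique to one handset (assumed hardware-held)."""
    return hmac.new(device_secret, b"fingerprint-template-v1", hashlib.sha256).digest()


def seal(key: bytes, template: bytes) -> bytes:
    """Prefix the template with an HMAC-SHA256 tag computed under `key`."""
    return hmac.new(key, template, hashlib.sha256).digest() + template


def open_sealed(key: bytes, blob: bytes):
    """Return the template if its tag verifies under `key`, otherwise None."""
    if len(blob) < TAG_LEN:
        return None
    tag, template = blob[:TAG_LEN], blob[TAG_LEN:]
    expected = hmac.new(key, template, hashlib.sha256).digest()
    return template if hmac.compare_digest(tag, expected) else None


def swapped_template_accepted(per_device_keys: bool) -> bool:
    """Seal a template on handset A, copy the file to handset B, report whether B accepts it."""
    secret_a, secret_b = os.urandom(32), os.urandom(32)
    key_a = device_key(secret_a) if per_device_keys else GLOBAL_KEY
    key_b = device_key(secret_b) if per_device_keys else GLOBAL_KEY
    blob = seal(key_a, FOREIGN_TEMPLATE)
    return open_sealed(key_b, blob) is not None


if __name__ == "__main__":
    print("shared key, swapped file accepted:", swapped_template_accepted(False))
    print("per-device key, swapped file accepted:", swapped_template_accepted(True))
```

As the conclusion notes, a per-device key does not stop a template forged with rules and keys recovered from the target device itself.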
A generic biometric system can be cast in the framework of a pattern recognition system , which was adopted from , summarizes the typical stages in this generic system. A biometric system has two main procedures: registration (enrollment) of biometric data and verification (authentication) of biometric data, which are represented as blue dotted lines and green solid lines, respectively. The first stage of registration is to acquire the original biometric signal (typically, an image) using a sensor. The next stage is to extract invariant features from this original signal to construct a robust representation for biometric data that can uniquely determine an individual. The extracted features are stored as a form of a template. In the case of fingerprint recognition, a template contains fingerprint minutiae points. A minutia point is a peculiar point in a fingerprint image, for example, where a ridge either begins or divides into two ridges. A typical fingerprint may have tens of such points, and those points forming a template uniquely determine the characteristic of a specific fingerprint. Current fingerprint recognition systems are very accurate; in particular, they can provide a false rejection rate of 0.01% at a false acceptance rate of 0.1%.

The first and second stages of biometric verification are similar to those of registration. However, instead of storing the extracted features, the system runs a matching algorithm to compare the features derived from the current input biometric with those of the stored template. The matcher makes a decision, that is, whether to accept the user or not, based on the matching score.



By reverse engineering a fingerprint recognition service application, we have identified a few vulnerabilities in the fingerprint recognition service of VEGA Secret Note and demonstrated actual attacks against this service. The technical flaws we have found in this device are a common trap that developers may fall into. To mitigate these vulnerabilities, we suggested possible countermeasures which may be implemented using well-known techniques in the literature. We expect that the findings we obtained through our analysis may be used as a general guideline to design a secure biometric verification service on smartphones. However, the proposed countermeasures cannot prevent all attacks, for example, a fake template synthesized using the reverse-engineered rules and keys of the target device. Therefore, developing a more robust countermeasure would be an important future research issue. In addition, it would be a good research issue to verify whether other smartphones equipped with fingerprint recognition service, such as the Galaxy series and iPhones, are vulnerable to the attacks described in this paper.
 (BY TARLOCHAN BHIKHA)
