Overview
Explore the security vulnerabilities of fingerprint authorization in Android apps through this 34-minute Black Hat conference talk. Delve into the concept of "Fingerprint-Jacking" and learn about practical hijacking techniques. Understand the basics of clickjacking and its application to fingerprint scanners. Discover implementation flaws in many Android apps and examine various bypass methods, including the Translucent Attack and Wrist Attack. Analyze the conditions for successful attacks and explore potential mitigation strategies. Gain insights into the security-critical nature of fingerprint scanners in mobile devices and the importance of thorough security analysis. Watch demonstrations of the discussed techniques and learn about suggested countermeasures to protect against fingerprint authorization hijacking.
Syllabus
Introduction
Demo
What is Clickjacking
What we want
What developers can use
Older Android versions
Translucent Attack
How many apps have implementation flaw
Finding the Bypass
First Bypass
Second Bypass
Third Bypass
Wrist Attack
Mitigation
Conditions
Carbon Gadgets
Attack Table
Suggestions
Demonstration
Taught by
Black Hat