Android phones are vulnerable to fingerprint brute-force attacks, will it affect SailfishOS?

So, according to the latest researchers, you can now brute-force fingerprints on modern (Android) smartphones to bypass user authentication and take control of the device… but this method apparently doesn’t affect Apple/iOS, just Android… so I was wondering if it affects SailfishOS as well.

Source: Android phones are vulnerable to fingerprint brute-force attacks

There’s the more literal kind of “brute force” with fingerprints, too.

1 Like

Don’t know, Android apps on SFOS don’t even recognize fingerprint actually work… so no?

2 Likes

Well, yes, it is a problem on SFOS since 2019, at least on the XA2. Try it yourself: if you can wake the device only using a registered fingerprint, your device might be vulnerable to this issue, because as mentioned, the limit only applies to trying to unlock the device but not when waking the device.

That’s kinda what I was about to write.
I played with an Xperia 10 II before getting the III and I couldn’t even unlock it with my fingerprint registered twice!!
We are safe…!

Sony X Compact and XZ2 Compact are also safe

I agree, can’t read my own fingerprint, how is it going to be brute-forced into doing so? :joy:

So is there a way to disable the wake function with fingerprint on SFOS (and keep the unlock function only)?

So we’d have to press the button and then unlock with the fingerprint.
Little hassle, but safer.
(I’m using fingerprint all day long to wake my XA2 up. Works well here.)