celzero / rethink-app

DNS over HTTPS / DNS over Tor / DNSCrypt client, WireGuard proxifier, firewall, and connection tracker for Android.
https://rethinkfirewall.com/
Apache License 2.0

Biometric authentication bypass #1058

Closed ignoramous closed 5 months ago

ignoramous commented 11 months ago

Bio auth can be bypassed. A user writes,

Steps to reproduce:

  1. Enable biometric authentication
  2. Restart app to get prompted the biometric authentication
  3. Keep giving the wrong fingerprint
  4. Device prompts user to input password
  5. Cancel
  6. Reopen the app
  7. Biometric authentication bypassed

ignoramous commented 11 months ago

Another

First I have to say that I've been loving your product. It suits all of my needs and almost bottom line perfect. Unfortunately one specific problem has been bothering me to the point that I don't think the app will still be viable for me. You see, one very important feature for me is to be able to lock the app via fingerprint sensor. This very useful option has been rendered totally useless by the possibility of bypassing fingerprint authentication by toggling the start/pause button via Android quick settings inside the notifications shade.

On Android, if not set to "Always-on", VPN apps can still be turned OFF by other VPN apps competing for the singular tunnel. Even if not, users themselves can turn OFF a VPN from Android's Settings page.

Terrance commented 5 months ago

Not sure if this is a regression from the above, but in v055d at least I can bypass the fingerprint prompt by backing out of it:

https://github.com/celzero/rethink-app/assets/4025899/88e1fb79-96bc-488f-a42f-d6b44a7685b5

The prompt itself is protected from screen capture, but it appears twice and I just dismiss it each time with a back gesture. After that, the app is accessible as normal, but I get kicked out if I go back from another screen to the main activity.

ignoramous commented 5 months ago

I think we should implement a trampoline activity like WhatsApp does and like we do when Rethink is "Paused".

ignoramous commented 5 months ago

Fix released in v055e.

Terrance commented 5 months ago

Backing out no longer bypasses authentication. 👍

It does seem to be a bit temperamental if opened via recent apps, but this may well be an OS issue as I'm fairly sure I've seen this happen in the past with other apps utilising biometric auth. For completeness though:

ignoramous commented 4 months ago

> After selecting Rethink from recently opened apps, the main screen appears for a moment, then disappears (putting me back at my home screen), then the biometric prompt appears over that but with no fingerprint scanner. I can back out to return to my home screen. Password fallback option is there, and I can type my password in, but that also just dismisses the prompt and leaves me on the home screen.

Sorry, this is confusing to visualize. Can you confirm if I got it right:

The UX around this will improve when we implement a trampoline activity like we do for Pause mode (WhatsApp for example has a separate UI to just handle auth, which kind of addresses the edge cases like auth dismissing without user interaction).

Terrance commented 4 months ago

Unfortunately Android doesn't let me capture it, but when working correctly, you open Rethink after a while since last authenticating, and you get three "layers":

  1. Rethink's Home screen
  2. the Android prompt on top of that, asking to provide biometric auth, including a Password button to fall back to that
  3. the Android fingerprint reader itself, lit up at the bottom of the screen

What I'm seeing when launching from recents is this:

Effectively I end up with only layer 2 from above.

ignoramous commented 4 months ago

Thanks. Fairly easy to reproduce. Tracking it here: https://github.com/celzero/rethink-app/issues/1362

mvevitsis commented 1 month ago

On mine once I input my fingerprint it seems to stay unlocked forever.

Edit: it eventually relocks, but I think it should be immediately when the app closes and not after a long while.

ignoramous commented 1 month ago

> Edit: it eventually relocks, but I think it should be immediately when the app closes and not after a long while.

It locks after 15 mins. Providing another knob to the user where they can adjust this 15 mins timeout is not in our immediate plans.

Terrance commented 1 month ago

Hm, something may be up with that, as I think mine has also been staying unlocked -- I didn't get prompted when I opened the app after your comment, nor just now, and I don't actually recall the last time I was prompted. Swiping the app away from recents and reopening doesn't prompt me either.
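
The trampoline approach ignoramous proposes in this thread, as an added example that is not taken from Rethink's code base: a gate activity with no app UI behind it that fails closed on any prompt dismissal, combined with the 15-minute relock. `AppLock`, `AuthGateActivity` and `HomeActivity` are hypothetical names, and starting the relock clock at the last successful authentication is an assumption.

```kotlin
// Added illustration: AppLock, AuthGateActivity and HomeActivity are hypothetical names.
import android.content.Intent
import android.os.Bundle
import android.os.SystemClock
import androidx.appcompat.app.AppCompatActivity
import androidx.biometric.BiometricManager.Authenticators.BIOMETRIC_WEAK
import androidx.biometric.BiometricManager.Authenticators.DEVICE_CREDENTIAL
import androidx.biometric.BiometricPrompt
import androidx.core.content.ContextCompat

object AppLock {
    private const val RELOCK_AFTER_MS = 15 * 60 * 1000L // the 15 mins stated in the thread
    @Volatile private var unlockedAt = -1L // memory only, so process death relocks
    fun markUnlocked() { unlockedAt = SystemClock.elapsedRealtime() }
    fun isLocked() = unlockedAt < 0 || SystemClock.elapsedRealtime() - unlockedAt >= RELOCK_AFTER_MS
}

// Launcher entry point with no app UI of its own: a dismissed prompt exposes nothing.
class AuthGateActivity : AppCompatActivity() {
    override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)
        if (!AppLock.isLocked()) { openHome(); return }
        val callback = object : BiometricPrompt.AuthenticationCallback() {
            override fun onAuthenticationSucceeded(result: BiometricPrompt.AuthenticationResult) {
                AppLock.markUnlocked()
                openHome()
            }
            // Cancel, back gesture, lockout, dismissed password screen: stay locked and leave.
            override fun onAuthenticationError(errorCode: Int, errString: CharSequence) {
                finishAndRemoveTask()
            }
            // onAuthenticationFailed (one non-matching fingerprint) keeps the prompt up: no override.
        }
        val info = BiometricPrompt.PromptInfo.Builder()
            .setTitle("Unlock")
            .setAllowedAuthenticators(BIOMETRIC_WEAK or DEVICE_CREDENTIAL)
            .build()
        BiometricPrompt(this, ContextCompat.getMainExecutor(this), callback).authenticate(info)
    }
    private fun openHome() { startActivity(Intent(this, HomeActivity::class.java)); finish() }
}

// Protected screens re-check on every resume, so recents cannot skip the gate.
class HomeActivity : AppCompatActivity() {
    override fun onResume() {
        super.onResume()
        if (AppLock.isLocked()) { startActivity(Intent(this, AuthGateActivity::class.java)); finish() }
    }
}
```

Because the unlock decision is made only in `onAuthenticationSucceeded`, the cancel and back-gesture paths reported in this issue end with the task closed rather than with the home screen visible.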