Open ssuppan opened 1 year ago
Hi @ssuppan,
I'm the friendly issue checker. Thanks for using the issue template :star2: I appreciate it very much. I'm sure the maintainers of this repository will answer soon.
This is not only an issue for fingerprint read on iOS. I believe that Face ID is also vulnerable.
Yes, this is an issue that we came to via the ethical hacking of our apps. I hope someone can help out.
My company did some pen testing on our Xamarin native app, which uses plugin.fingerprint. They were able to bypass biometric authentication via "objection v1.11.0". This script/program allows a local user to hook into EvaluatePolicy() and EvaluateAccessControl(). When a bad fingerprint is scanned, you can return "true" instead of "false" and gain access to the app.
Supporting documentation can be found here.
Steps to reproduce
Expected behavior
The objection script/program should not be able to bypass the bad fingerprint read.
Actual behavior
The objection script/program permits the pen tester to bypass fingerprint authentication.
Crashlog
Configuration
Version of the Plugin: 2.1.5
Platform: iOS 12.X and greater
Device: iPhone 12
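The pattern the pen test exploited is that a successful scan only produces a Boolean inside the app's own process, which a runtime hook can flip. The usual mitigation on iOS is to have the Secure Enclave release a secret instead of a flag: store the secret in the keychain under a SecAccessControl that requires the currently enrolled biometrics, so a bad scan yields no data regardless of what any hooked method returns. The example below shows the weak pattern beside that hardened pattern. It is an added example, not code from this issue or from plugin.fingerprint; it assumes the Xamarin.iOS `LocalAuthentication` and `Security` bindings, and the service and account names are constructed placeholders.

```csharp
using System;
using System.Threading.Tasks;
using Foundation;
using LocalAuthentication;
using Security;

// Added example for the issue above; not plugin.fingerprint code.
// Service and account names are constructed placeholders.
public static class BiometricGate
{
    const string Service = "com.example.app.session";
    const string Account = "refresh-token";

    // Weak pattern: the only thing a successful scan produces is a Boolean
    // inside the app's own process. A hook on EvaluatePolicy can flip that
    // Boolean and the app has no way to notice.
    public static async Task<bool> WeakGateAsync(string reason)
    {
        using (var ctx = new LAContext())
        {
            if (!ctx.CanEvaluatePolicy(LAPolicy.DeviceOwnerAuthenticationWithBiometrics, out NSError _))
                return false;
            Tuple<bool, NSError> result =
                await ctx.EvaluatePolicyAsync(LAPolicy.DeviceOwnerAuthenticationWithBiometrics, reason);
            return result.Item1;
        }
    }

    // Hardened pattern, step 1: bind the secret to the currently enrolled
    // biometrics through keychain access control. The Secure Enclave enforces
    // the policy, so the app process never holds a Boolean worth flipping.
    // BiometryCurrentSet also invalidates the item if enrolment changes.
    public static SecStatusCode StoreProtectedSecret(byte[] secret)
    {
        var access = new SecAccessControl(
            SecAccessible.WhenPasscodeSetThisDeviceOnly,
            SecAccessControlCreateFlags.BiometryCurrentSet);

        // Replace any previous copy; ItemNotFound from Remove is fine here.
        var existing = new SecRecord(SecKind.GenericPassword) { Service = Service, Account = Account };
        SecKeyChain.Remove(existing);

        var record = new SecRecord(SecKind.GenericPassword)
        {
            Service = Service,
            Account = Account,
            AccessControl = access,
            ValueData = NSData.FromArray(secret),
        };
        return SecKeyChain.Add(record);
    }

    // Hardened pattern, step 2: reading the item is what triggers the biometric
    // prompt. A bad scan comes back as AuthFailed with no data; nothing in the
    // app decides "true" or "false".
    public static byte[] ReadProtectedSecret(string reason, out SecStatusCode status)
    {
        var query = new SecRecord(SecKind.GenericPassword)
        {
            Service = Service,
            Account = Account,
            UseOperationPrompt = reason, // text shown on the system prompt
        };
        // Blocks until the user responds to the prompt; call off the UI thread.
        SecRecord found = SecKeyChain.QueryAsRecord(query, out status);
        if (status != SecStatusCode.Success || found?.ValueData == null)
            return null;
        return found.ValueData.ToArray();
    }
}
```

The hardening only holds if the caller actually consumes the returned bytes, for example by presenting the token to the backend or using it as a key to decrypt local data. If the code reduces the read to a `!= null` check and then unlocks a local screen, the same hooking trick applies to that comparison. Because the item is tied to the enrolled biometric set, a change in enrolment makes the read fail with ItemNotFound, and the app should then require a full login and call StoreProtectedSecret again.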