Jump to content
Phishing Emails & YouTube Messages - Fake Giveaway Read more... ×
Search In
  • More options...
Find results that contain...
Find results in...
Snieky

NEW MAJOR ONEPLUS 6T FINGERPRINT SENSOR BUG FOUND!!

Recommended Posts

Posted · Original PosterOP

Thanks for reading,

 

So me and my friend just figured out this bug and are trying to spread the word. People's security is in danger because of this software/ hardware flaw

 

(This is how we believe it works)

If you quickly swipe the fingerprint sensor while opening the camera on the lockscreen you can trip the sensor by thinking its reading a registerd fingerprint because of the illumination for the optical sensor. This causes you to be able to bypass it and get into the phone.

 

https://youtu.be/sxz3FXNobhw

Link to post
Share on other sites
2 minutes ago, Snieky said:

Me and my friend just figured out this bug and are trying to spread the word. People's security is in danger because of this software/ hardware flaw

Wow. If it's real that's a major flaw.

Link to post
Share on other sites

It's quite similar to those flaws the iPhone had a few years ago.

Still, it's quite good to know this now. Thanks for sharing the word :) 


I'm not liable for anything that may happen to you and your PC if you decide to follow my advice. Take everything I say with a grain of salt, some things may not be correct.

Make sure to tag or quote who you are trying to reply to, that way they will see your answer.

Useful links: Community Standards | PSU Tier List 3.0 | Posting Guidelines | Build recommendations

 

Link to post
Share on other sites

1. Good job on responsible disclosure! /s

2. 

 


Current LTT F@H Rank: 54    Team Score: 135,154,583    Stats

November Event Rank: 16    November Event Score: 33,469,645

Thanks to everyone that folded in November!

My main rig:

CPU: Delidded :D i7 6700k @ 4.7GHz 1.46v 🔥

Cooler: Noctua NH-D15

Mobo: Asus Z170-A

RAM: 24GB 16GB Hyperx Fury Black @ 2900MHz 16-16-16-28

GPU: EVGA GTX 1060 6GB SC

PSU: EVGA G2 650W

SSDs: Samsung 850 evo 120 GB, Samsung 970 evo 500GB NVME, Samsung 860 evo 1TB

HDD: WD Caviar Blue 1 TB

Case: Fractal Design Define R5 Black Windowed

Other: White LED strip to illuminate the interior. Extra fractal intake fan for positive pressure.

 

New unRAID server (Plex, Windows 10 VM, NAS, urBackup, game servers):

CPU: Ryzen R7 2700x @ Stock

Cooler: Noctua NH-U9S

Mobo: Asus Prime X470-Pro

RAM: 16GB G-Skill Ripjaws V @ 3000MHz (+8GB HyperX black stolen from above desktop)

GPU: EVGA GTX 1080 FTW2

PSU: EVGA G3 850W

SSD: Samsung 970 evo 250GB

HDDs: 4x HGST Dekstar NAS 4TB @ 7200RPM (3 data, 1 parity)

Case: Sillverstone GD08B

Other: Added 3x Noctua NF-F12 intake, 2x Noctua NF-A8 exhaust, Inatek 5 port USB 3.0 expansion card with usb 3.0 front panel header

Details: 8GB ram, GTX 1080, USB card passed through to windows 10 VM. VM's virtdisk is on the SSD. Rest of resources are for Plex, urBackup, Gitlab, Nextcloud, and game servers.

Link to post
Share on other sites
Posted · Original PosterOP
1 minute ago, sazrocks said:

1. Good job on responsible disclosure! /s

2. 

 

Sorry, I am in quite a rush to get the word out, please dont close the thread!

Link to post
Share on other sites
56 minutes ago, Snieky said:

Thanks for reading,

 

So me and my friend just figured out this bug and are trying to spread the word. People's security is in danger because of this software/ hardware flaw

 

(This is how we believe it works)

If you quickly swipe the fingerprint sensor while opening the camera on the lockscreen you can trip the sensor by thinking its reading a registerd fingerprint because of the illumination for the optical sensor. This causes you to be able to bypass it and get into the phone.

 

https://youtu.be/sxz3FXNobhw

That's quite the bug. Good find.


 Motherboard  ROG Strix B350-F Gaming | CPU Ryzen 5 1600 | GPU Sapphire Radeon RX 480 Nitro+ OC  | RAM Corsair Vengeance DDR4 3000MHz 2x8Gb | OS Drive  Crucial MX300 525Gb M.2 | WiFi Card  ASUS PCE-AC68 | Case Switch 810 Gunmetal Grey SE | Storage WD 1.5tb, SanDisk Ultra 3D 500Gb, Samsung 840 EVO 120Gb | NAS Solution Synology 413j 8TB (6TB with 2TB redundancy using Synology Hybrid RAID) | Keyboard SteelSeries APEX | Mouse Razer Naga MMO Edition Green | Fan Controller Sentry LXE | Screens Sony 43" TV | Sound Logitech 5.1 X530

Link to post
Share on other sites

fuck responsible disclosure, oneplus gonna get bent over


Delidded 3770k 4.4GHz | Sapphire Nitro+ Special Edition RX 580 1550MHz/2250MHz  | #2 FireStrike Extreme & #2 Superposition 1080p Xtreme | 32GB DDR3 1600MHz

Link to post
Share on other sites

Dang... I know someone with a 6T. The next time I see them I'll see if I can try it out.

1 hour ago, Snieky said:

Sorry, I am in quite a rush to get the word out, please dont close the thread!

It won't get locked, the mods will just move it to a different sub forum if they feel it's not following the guidelines and once you edit it to be fixed they'll move it back. I personally think your post is probably fine since videos are usually a bit unique in that you can't exactly quote text or anything


Make sure to quote me or tag me when responding to me, or I might not know you replied! Examples:

 

Do this:

Quote

And make sure you do it by hitting the quote button at the bottom left of my post, and not the one inside the editor!

Or this:

@DocSwag

 

Buy whatever product is best for you, not what product is "best" for the market.

 

I seem to like any products who have the same software and hardware maker, as long as it's not Apple. Weird. I like the Surface Book and the Pixel phones, but most definitely don't want an iPhone (I'm not saying they're bad, though).

 

Interested in computer architecture? Still in middle or high school? P.M. me!

 

I love computer hardware and feel free to ask me anything about that (or phones). I especially like SSDs. But please do not ask me anything about Networking, programming, command line stuff, or any relatively hard software stuff. I know next to nothing about that.

 

Compooters:

Spoiler

Desktop:

Spoiler

CPU: i7 6700k, CPU Cooler: be quiet! Dark Rock Pro 3, Motherboard: MSI Z170a KRAIT GAMING, RAM: G.Skill Ripjaws 4 Series 4x4gb DDR4-2666 MHz, Storage: SanDisk SSD Plus 240gb + OCZ Vertex 180 480 GB + Western Digital Caviar Blue 1 TB 7200 RPM, Video Card: EVGA GTX 970 SSC, Case: Fractal Design Define S, Power Supply: EVGA Supernova G1 650 watt (soon to be Seasonic Focus+ Gold 650w Yay!), Keyboard: Logitech G710+, Mouse: Logitech G502 Proteus Spectrum, Headphones: Creative Fata1ty, Monitor: LG 29um67 (2560x1080 75hz freesync)

Home Server:

Spoiler

CPU: Pentium G4400, CPU Cooler: Stock, Motherboard: MSI h110l Pro Mini AC, RAM: Hyper X Fury DDR4 1x8gb 2133 MHz, Storage: PNY CS1311 120gb SSD + two Segate 4tb HDDs in RAID 1, Video Card: Does Intel Integrated Graphics count?, Case: Fractal Design Node 304, Power Supply: Seasonic 360w 80+ Gold, Keyboard+Mouse+Monitor: Does it matter?

Laptop (I use it for school):

Spoiler

Surface book 2 13" with an i7 8650u, 8gb RAM, 256 GB storage, and a GTX 1050

And if you're curious (or a stalker) I have a Just Black Pixel 2 XL 64gb

 

Link to post
Share on other sites
18 minutes ago, DocSwag said:

Dang... I know someone with a 6T. The next time I see them I'll see if I can try it out.

It won't get locked, the mods will just move it to a different sub forum if they feel it's not following the guidelines and once you edit it to be fixed they'll move it back. I personally think your post is probably fine since videos are usually a bit unique in that you can't exactly quote text or anything

This guy is the original source, his quote is his own word anyways.


Delidded 3770k 4.4GHz | Sapphire Nitro+ Special Edition RX 580 1550MHz/2250MHz  | #2 FireStrike Extreme & #2 Superposition 1080p Xtreme | 32GB DDR3 1600MHz

Link to post
Share on other sites
2 hours ago, 1kv said:

It's quite similar to those flaws the iPhone had a few years ago.

Still, it's quite good to know this now. Thanks for sharing the word :) 

Was there actually a bug with the iPhone's touch ID, The one I recall wasnt actually a bug but rather touch ID accurately detecting the finger and unlocking and someone quickly opening the camera to make it seem like an exploit. (And is the same thing happening here? I haven't watched the video)


PSU Tier List | CoC

Gaming Build | FreeNAS Server

Spoiler

i5-4690k || Seidon 240m || GTX780 ACX || MSI Z97s SLI Plus || 8GB 2400mhz || 250GB 840 Evo || 1TB WD Blue || H440 (Black/Blue) || Windows 10 Pro || Dell P2414H & BenQ XL2411Z || Ducky Shine Mini || Logitech G502 Proteus Core

Spoiler

FreeNAS 9.3 - Stable || Xeon E3 1230v2 || Supermicro X9SCM-F || 32GB Crucial ECC DDR3 || 3x4TB WD Red (JBOD) || SYBA SI-PEX40064 sata controller || Corsair CX500m || NZXT Source 210.

Link to post
Share on other sites
1 hour ago, 79wjd said:

Was there actually a bug with the iPhone's touch ID, The one I recall wasnt actually a bug but rather touch ID accurately detecting the finger and unlocking and someone quickly opening the camera to make it seem like an exploit. (And is the same thing happening here? I haven't watched the video)

I don't think it was a bug with the touch ID itself. I believe it was something like you'd open camera, take a photo, select 'share the photo using iMessage' or whatever and it'd let you in. It isn't anything to do with physical hardware like it is here, but it does utilise the camera app, which is why I suggested it was similar.


I'm not liable for anything that may happen to you and your PC if you decide to follow my advice. Take everything I say with a grain of salt, some things may not be correct.

Make sure to tag or quote who you are trying to reply to, that way they will see your answer.

Useful links: Community Standards | PSU Tier List 3.0 | Posting Guidelines | Build recommendations

 

Link to post
Share on other sites
23 minutes ago, 1kv said:

I don't think it was a bug with the touch ID itself. I believe it was something like you'd open camera, take a photo, select 'share the photo using iMessage' or whatever and it'd let you in. It isn't anything to do with physical hardware like it is here, but it does utilise the camera app, which is why I suggested it was similar.

I meant that the 'bug' didn't actually exist at all (unless there is another that I don't remember), but rather was just sleight of hand with the camera to fool viewers -- e.g. the person would actually unlock the phone, but switch to the camera to make it seem like there was an exploit to bypass Touch ID, when in reality, TouchID had authenticated correctly and the phone was already unlocked (correctly), but because of how things played out on film, it appeared as though TouchID was tricked by going through the camera app.


PSU Tier List | CoC

Gaming Build | FreeNAS Server

Spoiler

i5-4690k || Seidon 240m || GTX780 ACX || MSI Z97s SLI Plus || 8GB 2400mhz || 250GB 840 Evo || 1TB WD Blue || H440 (Black/Blue) || Windows 10 Pro || Dell P2414H & BenQ XL2411Z || Ducky Shine Mini || Logitech G502 Proteus Core

Spoiler

FreeNAS 9.3 - Stable || Xeon E3 1230v2 || Supermicro X9SCM-F || 32GB Crucial ECC DDR3 || 3x4TB WD Red (JBOD) || SYBA SI-PEX40064 sata controller || Corsair CX500m || NZXT Source 210.

Link to post
Share on other sites
1 minute ago, 79wjd said:

I meant that the 'bug' didn't actually exist at all (unless there is another that I don't remember), but rather was just sleight of hand with the camera to fool viewers -- e.g. the person would actually unlock the phone, but switch to the camera to make it seem like there was an exploit to bypass Touch ID, when in reality, TouchID had authenticated correctly and the phone was already unlocked (correctly), but because of how things played out on film, it appeared as though TouchID was tricked by going through the camera app.

Ohh, I see.. Sounds interesting.

Guess I might've got bamboozled then lol


I'm not liable for anything that may happen to you and your PC if you decide to follow my advice. Take everything I say with a grain of salt, some things may not be correct.

Make sure to tag or quote who you are trying to reply to, that way they will see your answer.

Useful links: Community Standards | PSU Tier List 3.0 | Posting Guidelines | Build recommendations

 

Link to post
Share on other sites

I see this was moved to general discussion but why is this not news? The rule says 

Quote

Your thread must include a link to at least one reputable source. Most of the time, this should be a respected news site.

but if this guy found this and doesn't work for a news site he can't report it as news?

Breaking fingerprint is pretty bad for security in general

 


Delidded 3770k 4.4GHz | Sapphire Nitro+ Special Edition RX 580 1550MHz/2250MHz  | #2 FireStrike Extreme & #2 Superposition 1080p Xtreme | 32GB DDR3 1600MHz

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Buy VPN

×