Mobile application biometric authentication is prone to bypasses #1898

Balanced02 · 2023-07-03T09:51:33Z

Expected behavior

Should implement biometrics authentication at the keychain level and not application level

Actual behavior

The authorization is implemented at application level, instead of keychain level. Therefore, it is prone to bypasses – users may access plaintext passwords without biometric authentication in some cases.

Recommendations

Use the react-native-keychain’s BIOMETRY_CURRENT_SET flag to allow access to passwords only with already enrolled fingerprints.

Which version(s) does this affect? (Environment, OS, etc...)

iOS and android

The text was updated successfully, but these errors were encountered:

Balanced02 added type: bug type: security labels Jul 3, 2023

sridharmeganathan added this to the Sprint 67 milestone Jul 3, 2023

sridharmeganathan mentioned this issue Jul 4, 2023

Prepare Lisk Mobile v3.0.0 for rc #1368

Closed

97 tasks

Balanced02 mentioned this issue Jul 4, 2023

Mobile application uses invalid KDF algorithm and parameters #1911

Merged

3 tasks

Balanced02 self-assigned this Jul 4, 2023

Balanced02 mentioned this issue Jul 11, 2023

BugFix: Biometrics authentication at keychain level #1918

Merged

Balanced02 closed this as completed Jul 12, 2023

sridharmeganathan modified the milestones: Sprint 67, Sprint 69 Jul 31, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Mobile application biometric authentication is prone to bypasses #1898

Mobile application biometric authentication is prone to bypasses #1898

Balanced02 commented Jul 3, 2023

Mobile application biometric authentication is prone to bypasses #1898

Mobile application biometric authentication is prone to bypasses #1898

Comments

Balanced02 commented Jul 3, 2023

Expected behavior

Actual behavior

Recommendations

Which version(s) does this affect? (Environment, OS, etc...)