Mobile application biometric authentication is prone to bypasses #1898

Closed
Tracked by #1368
Balanced02 opened this issue Jul 3, 2023 · 0 comments

@Balanced02
Contributor

Expected behavior

Should implement biometrics authentication at the keychain level and not application level

Actual behavior

The authorization is implemented at application level, instead of keychain level. Therefore, it is prone to bypasses – users may access plaintext passwords without biometric authentication in some cases.

Recommendations

Use the react-native-keychain’s BIOMETRY_CURRENT_SET flag to allow access to passwords only with already enrolled fingerprints.

Which version(s) does this affect? (Environment, OS, etc...)

  • iOS and Android
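
The two approaches contrasted in the issue, as an added example that is not code from the project or from the issue's author. `Keychain` stands for the react-native-keychain module and is passed in as a parameter; the service name, prompt title, function names and the choice of `WHEN_UNLOCKED_THIS_DEVICE_ONLY` are assumptions made for illustration.

```javascript
// Added example. SERVICE and the prompt text are hypothetical values.
const SERVICE = 'example.app.password';

// Application-level gate (the pattern the issue reports): the item is stored
// with no access control, so only the app's own JS check guards the read.
async function saveAppLevel(Keychain, username, password) {
  return Keychain.setGenericPassword(username, password, { service: SERVICE });
}

async function readAppLevel(Keychain, biometricCheck) {
  // biometricCheck is a hypothetical app-side prompt returning true/false.
  if (!(await biometricCheck())) return null; // enforced in app code only
  const item = await Keychain.getGenericPassword({ service: SERVICE });
  return item ? item.password : null;
}

// Keychain-level gate (the issue's recommendation): the platform keystore
// itself requires biometric authentication before releasing the item.
async function saveKeychainLevel(Keychain, username, password) {
  return Keychain.setGenericPassword(username, password, {
    service: SERVICE,
    accessControl: Keychain.ACCESS_CONTROL.BIOMETRY_CURRENT_SET,
    accessible: Keychain.ACCESSIBLE.WHEN_UNLOCKED_THIS_DEVICE_ONLY,
  });
}

async function readKeychainLevel(Keychain) {
  try {
    const item = await Keychain.getGenericPassword({
      service: SERVICE,
      authenticationPrompt: { title: 'Unlock saved password' },
    });
    // getGenericPassword resolves to false when nothing is stored.
    return item ? item.password : null;
  } catch (err) {
    // Prompt cancelled, biometric check failed, or the item is no longer
    // readable; treat every failure as "no access" and never fall back to
    // an unprotected copy of the secret.
    return null;
  }
}
```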