Advertisement

We need your help now

Support from readers like you keeps The Journal open.

You are visiting us because we have something you value. Independent, unbiased news that tells the truth. Advertising revenue goes some way to support our mission, but this year it has not been enough.

If you've seen value in our reporting, please contribute what you can, so we can continue to produce accurate and meaningful journalism. For everyone who needs it.

spoofing

You can trick a smartphone fingerprint scanner in just 15 minutes with a printer

Not all smartphones can be tricked this way but it’s still a concern for users.

IT’S POSSIBLE TO trick a smartphone’s fingerprint scanner with just 15 minutes, a regular inkjet printer, and some special ink.

Researchers from Michigan State University have published a paper on a new technique for breaking into smartphones by tricking their fingerprint scanners with an image printed with conductive ink.

The process makes use of products from AgIC, a company that produces conductive inks and special paper (it’s intended for making DIY circuit boards).

(We first saw the research over on Boing Boing.)

The process is fairly simple.

1) First, you need a good photo of the target’s fingerprint. This might be lifted off a glass surface. You scan it into the computer and reverse it (so it looks normal again once printed).
2) Next, get any normal inkjet printer, and install some AgIC conductive ink cartridges, as well as special AgIC glossy paper.
3) Then print the fingerprint onto the paper the same size it would be if it was a normal fingerprint.

And with that, you’re done! You can use that print to gain access to some smartphones – the researchers (successfully) attempted to break into the Samsung Galaxy S6 and the Huawei Honor 7 for the test.

screen shot 2016-03-07 at 09.43.34 Michigan State University Michigan State University

The researchers close by calling for better checks to be put in place to prevent this kind of spoofing. As increasing numbers of smartphones use fingerprints for ever-more purposes, from unlocking to authorising payments, it puts more users at risk of these kind of attacks.

And unlike passcodes, it’s almost impossible to “hide” your fingerprint: You leave it on everything you touch.

They conclude (emphasis ours):

In summary, we have proposed a simple, fast and effective method to generate 2D fingerprint spoofs that can successfully hack built-in fingerprint authentication in mobile phones. Furthermore, hackers can easily generate a large number of spoofs using fingerprint reconstruction or synthesis techniques which is easier than 2.5D fingerprint spoofs. 
This experiment further confirms the urgent need for anti-spoofing techniques for fingerprint recognition systems, especially for mobile devices which are being increasingly used for unlocking the phone and for payment. It should be noted that not all the mobile phones can be hacked using proposed method. As the phone manufactures develop better anti-spoofing techniques, the proposed method may not work for the new models of mobile phones.
However, it is only a matter of time before hackers develop improved hacking strategies not just for fingertips, but other biometric traits as well that are being adopted for mobile phones (e.g., face, iris and voice).

Here’s a video demonstrating the process.

Michigan State University / YouTube

Read: This is what reading looks like when you have dyslexia >

Read: Bad news for Apple users as first ever ransomware targeting Macs appears >

Published with permission from
Business Insider
Your Voice
Readers Comments
19
    Submit a report
    Please help us understand how this comment violates our community guidelines.
    Thank you for the feedback
    Your feedback has been sent to our team for review.