You’re not secure: Smartphone fingerprint sensors fooled by printouts
Two researchers -- Kai Cao and Anil K. Jain -- find out how easy it is to access the Samsung Galaxy S6 and Huawei Honor 7 with fake fingerprints
Updated: Mar 10, 2016 15:03 IST
Apple added Touch ID to iPhones in 2013 with the iPhone 5s -- a phone worth investing in even though it’s 2016. Since then, Apple has launched four more phones with fingerprint sensors -- iPhone 6, 6 Plus, 6s, 6s Plus -- besides the multiple iPad tablets that depend on the same technology to authenticate their users. Even Android phone makers such as Google, Xiaomi, LG, Huawei, HTC, Samsung and OnePlus have put fingerprint sensors on their phones. With the launch of the S7 and the expected launch of the iPhone 5se, HTC M10 and new Nexus devices, the list is only expected to grow, to the point that 50% of the smartphones sold after three years will sport a fingerprint scanner.
The method is convenient, quick and efficient, but not as secure as we’d like to believe. Two researchers from the Department of Computer Science and Engineering at Michigan State University, Kai Cao and Anil K. Jain, set out to check how easy it was to access these devices with a fake fingerprint. This is what they found:
# All you needed was a photograph of the authenticated fingerprint used to unlock a phone.
# Print the fingerprint on a transparent sheet with thick toner settings.
# Use a 3D printer to create a 2.5D fingerprint from latex milk or white wood glue.
# The success of the method depends on the hacker’s experience.
# The process is time consuming, considering that the print takes 20-30 minutes to dry.
# The picture of the fingerprint can be obtained by scanning objects the user has touched at 300 dpi resolution.
# The process was successfully tested on the Samsung Galaxy S6 and Huawei Honor 7, with the latter being tougher to fool; maybe because it’s less efficient or lenient at reading fingerprints in the first place.
The researchers also added that, “We have proposed a simple, fast and effective method to generate 2D fingerprint spoofs that can successfully hack built-in fingerprint authentication in mobile phones. Furthermore, hackers can easily generate a large number of spoofs using fingerprint reconstruction or synthesis techniques which is easier than 2.5D fingerprint spoofs. This experiment further confirms the urgent need for anti-spoofing techniques for fingerprint recognition systems, especially for mobile devices which are being increasingly used for unlocking the phone and for payment. It should be noted that not all the mobile phones can be hacked using proposed method. As the phone manufacturers develop better anti-spoofing techniques, the proposed method may not work for the new models of mobile phones. However, it is only a matter of time before hackers develop improved hacking strategies not just for fingerprints, but other biometric traits as well that are being adopted for mobile phones (e.g., face, iris and voice).”
First Published: Mar 10, 2016 14:03 IST