Fingerprint scanners, which have become increasingly popular on smartphones, can be fooled using a simple 2D image printed on an ordinary paper. Researchers at Michigan State University have successfully demonstrated how an inkjet printer need only print an image of a fingerprint, which can be easily held against the biometric sensor to unlock a smartphone.
Fingerprint scanners are being increasingly incorporated in modern day smartphones. They are considered much tougher to bypass as compared to a password or pre-registered patterns. Fingerprints are unique, and unless the hacker has access to the finger that’s used to unlock the smartphone, it is assumed it is impossible to gain access to content on the phone. These fingerprint scanners vary in design and technology, but essentially rely on a pre-registered impression to authenticate the user and unlock the smartphone.
How does one bypass a fingerprint scanner? The researchers used silver conductive ink, which is designed to print circuit boards, and a special paper designed for printing electric circuits. For the project, they relied on AgIC silver conductive ink cartridges, as well as AgIC conductive paper, which are pretty easily available. These cartridges come in a three-pack, conveniently replacing the standard Yellow, Magenta, and Cyan colored cartridges found in the inkjet printer, reported Business Insider.
The next step involved getting hold of the fingerprint or at least, a reliable and full impression. The researchers scanned a finger at 300 dpi and then simply reversed the image in a horizontal direction because that’s how the fingerprint scanner on the smartphone “sees” it.
Once the image was resized to the size of an actual fingerprint and printed out, the hack worked like a charmed, confirmed the researchers through a neatly compiled video. Interestingly, the researchers cut the paper down to a little larger size than the fingerprint itself, but the printed fingerprint managed to unlock the smartphone every single time, proving these biometric access denial systems can be fooled. To demonstrate the hack, researchers used a Samsung Galaxy S6 and Huawei Honor 7, and the trick worked on both the devices, reported the Guardian.
The researchers are confident that if applied correctly, the method should work on most smartphones out in circulation today. However, the demonstration was notably missing an iPhone.
Printing a fingerprint and using it to fool the biometric security system isn’t a new technique. However, earlier methods relied on a 2.5D image of the fingerprint using either latex milk or glue, reported Digital Trends. While these methods did work, the only problem was that the materials required about 20 to 30 minutes to dry and set. On the other hand, the silver conductive ink sets instantly and by its inherent nature is 2.5D.
The researchers insist they demonstrated the loophole within the biometric security system only to raise awareness and persuade smartphone manufacturers to develop better anti-spoofing techniques. They added that smartphone companies are aware of the vulnerabilities and newer fingerprint scanners could prove to be a lot more complex to fool.
Before smartphone buyers are put off from such authentication methods, MSU researchers shared that the method might be a little more complex than what they made it out to be. To fool the system, hackers will need a clean fingerprint, which isn’t easy to get hold of. Moreover, the AgIC’s cartridges, which were used in the project, presently work on specific Brother Printers, which have been discontinued.
This method merely proves there’s a remote possibility of bypassing the biometric security system. FBI has been pestering Apple to unlock its iPhones for quite some time. Could the agency explore such options?
[Photo by Glenn Chapman/Getty Images]