As the entire smartphone industry moves toward making fingerprint scanners the default biometric security method, researchers at Michigan State University have demonstrated a major problem with the security measure. A regular inkjet printer using conductive inks can be used to print fingerprints on paper and unlock fingerprint scanner-equipped phones including the Galaxy S6 and honor 7.
87% of Android devices are insecure due to lack of security updates
In an incredibly unnerving video, the researchers demonstrate how easily prints lifted off the phone itself can be printed out with an everyday printer and used to unlock the devices. The scariest part of this demonstration is that the phones are unlocked with a piece of paper. It works because the researchers use a conductive ink and paper by a company called AgIC. The entire process can reportedly be completed in 15 minutes.
As the researchers note, the original fingerprint spoof method pioneered by Germany’s Chaos Computer Club on the iPhone 5s used a time-consuming manual method for creating a 2.5D print out of wood glue or latex milk. This new technique simply prints a copy of the lifted fingerprint (after it has been flipped horizontally) onto AgIC paper.
As the researchers note: “this experiment further confirms the urgent need for anti-spoofing techniques for fingerprint recognition systems, especially for mobile devices which are being increasingly used for unlocking the phone and for payment.” Fortunately, the researchers admit that the method cannot be used to unlock all phones, but warn that as OEMs improve anti-spoofing techniques, so too will hackers develop improved hacking strategies.
Do you use a fingerprint scanner? How secure did you think they were?