We’ve all seen the movies where spies try to gain access to areas protected by fingerprint scanners, ranging from the extreme (cutting off fingertips) to the technical (using latex copies of another person’s fingerprints). Kai Cao and Anil K. Jain, a pair of researchers from the Department of Computer Science and Engineering at Michigan State University, have figured out how to hack fingerprint scanners on a pair of smartphones using inkjet printers and a special conductive ink.
While hacking fingerprint scanners isn’t new — a German group hacked the iPhone 5s fingerprint scanner using latex milk and white wood glue — this method generates a spoof fingerprint rather quickly. Cao and Jain summarized the process in three simple steps (although obtaining a scan of the target fingerprint may take a bit of doing):
- Install three AgIC4 silver conductive ink cartridges as well as a normal black ink cartridge in a color inkjet printer (Brother MFC-J5910DW printer was used by us); better conductivity can be achieved if a brand new (unused) printer is used;
- Scan the target fingerprint image (of the authorized user) at 300 dpi or higher resolution;
- Mirror (reverse the image in the horizontal direction) and print the original or binarized fingerprint image on the glossy side of an AgIC special paper.
The duo used the technique successfully on both the Samsung Galaxy S6 and the Huawei Honor 7 smartphones, as can be seen in the images below. They also did mention that the Honor 7 was slightly more difficult to hack than the Galaxy S6 and required multiple attempts to unlock the device using this method.
The pair recognizes that there are other ways to spoof fingerprints, and also admit that not all mobile devices with fingerprint scanners can be hacked into using this method. What they are trying to do is bring to the forefront the need for mobile device manufactures to focus even more on anti-spoofing techniques for fingerprint and other biometric recognition systems.
Check out the video of the pair hacking these devices with this method:
What do you think of this new method of hacking fingerprint scanners on mobile devices? Cause for concern, or much ado about nothing? Let us know in the comments below, or on Google+, Twitter, or Facebook.[button link=”http://www.cse.msu.edu/rgroups/biometrics/Publications/Fingerprint/CaoJain_HackingMobilePhonesUsing2DPrintedFingerprint_MSU-CSE-16-2.pdf” icon=”fa-external-link” side=”left” target=”blank” color=”285b5e” textcolor=”ffffff”]Source: MSU[/button]