- There are just three steps to method: scan fingerprint, print, open phone
- Just need AgIC ink cartridges and paper and a standard inkjet printer
- This technique makes it easy for hackers to lift prints off of stolen phones
- Goal of paper is to awarness about vulnerability of fingerprint sensors
16
View
comments
Researcher have proved it's possible to trick an Android fingerprint sensor with office supplies and 15 minutes of your time.
The technique involves a method using a 300 dpi scan of a fingerprint to print, conductive ink, glossy paper and a standard inkjet printer.
Once the fingerprint is scanned, simply print it out with the special ink, cut the images the same size as your real finger print and place it on the phone to bypass the sensor.
Scroll down for video
The technique involves a method using a 300 dpi scan of a fingerprint to print, conductive ink, glossy paper and a standard inkjet printer. Once the fingerprint is scanned, simply print it out with the special i nk, cut the images the same size as your real finger print and place it on the phone to bypass the sensor
Researchers from Michigan State University show just how easy it is to lift a smartphone's owner fingerprint, with the hopes of raising awareness of the vulnerability of finger print authentication.
'Once the printed 2D fingerprints are ready we can then use them for spoofing mobile phones,' reads the published study.
'In our spoofing experiment, we selected Samsung Galaxy S6 and Huawei Hornor 7 phones as examples.'
'We enrolled the left index finger of one of the authors and used the printed 2D fingerprint of this left index finger to unlock the fingerprint recognition systems in these phones.'
This hack has just a three main steps and can be done in the comfort of your own home.
First lift the fingerprint you use to unlock your phone and scan it into your computer.
Scan the fingerprint image at 300 dpi or high resolution, but be sure to reverse the image horizontally so it will be a replica of the real thing.
Next install the AgIC ink cartridges and the regular black on into the printer, as well as the glossy paper.
Once you have completely the steps, just print the image out the same size as your real fingerprint, cut one out and roll it over the sensor, which should instantly unlock the device.
'We have proposed a simple, fast and effective method to generate 2D fingerprint spoofs that can successfully hack built-in fingerprint authentication in mobile phones,' reads the study.
'Furthermore, hackers can easily generate a large number of spoofs using fingerprint reconstruction or synthesis techniques which is easier than 2.5D fingerprint spoofs.'
This past Mobile World Congrees, Vkansee president Jason Chaikin demonstrated just how easily these sensors can be bypassed by lifting another person's fingerprint with common molding materials.
'In our spoofing experiment, we selected Samsung Galaxy S6 and Huawei Hornor 7 phones as examples.' 'We enrolled the left index finger of one of the authors and used the printed 2D fingerprint of this left index finger to unlock the fingerprint recognition systems in these phone'
Using just a dental mould and a small amount of Play-Doh, fingerprints can be replicated to break into an iPhone in just a few attempts, it's said.
First, the phone owner presses their finger into the dental mold for five minutes, reads a blog post from the Wall Street Journal.
First lift the fingerprint you use to unlock your phone and scan it into your computer. Scan the fingerprint image at 300 dpi or high resolution, but be sure to reverse the image horizontally so it will be a replica of the real thing. Next install the AgI C ink cartridges and the regular black on into the printer, as well as the glossy paper
This hack has just a three main steps and can be done in the comfort of your own home. Once you have completely the steps, just print the image out the same size as your real fingerprint, cut one out and roll it over the sensor, which should instantly unlock the device.
This isn't the first time fingerprints have been printed to bypass the security sensors.
In 2013, hackers proved they could get around the Touch ID by lifting the print from a glass surface and printing it – similar to the method from Michigan University.
And in the same year, a Youtuber shared a trick of creating a mock fingerprint using just Gorilla Glue or Elmer's Glue.
'We have proposed a simple, fast and effective method to generate 2D fingerprint spoofs that can successfully hack built-in fingerprint authentication in mobile phones,' reads the study. 'Furthermore, hackers can easily generate a large number of spoofs using fingerprint reconstruction
In a response to the 2013 hacks, Rich Mogull of Securosis explained that the fingerprint-based security systems provide 'as much security as a strong passcode with the convenience of no passcode,' for the average user.
This holds true even now, in light of the recent Play-Doh hack concerns, Mogull explained in an email to Dailymail.com.
'These are low risk unless someone is specifically targeting you, and that person is either someone you trust that has great access to you and the device, or they are very technically proficient and motivated.
'Remember, on iOS your phone will time out the fingerprint sensor on every reboot or after 48 hours of inactivity. That really reduces the risk even if you lose your phone.
'You can also just turn the feature off whenever you want.'
'For example, I've been known to do that at certain hacker conferences... more for my friends messing with me than any real threat.
'Just think through what it would take for someone to get a good fingerprint and your device, and before you notice it and could remotely locate or erase it.'
'That really isn't something most people need to worry about.'
