MSU Computer Science researchers Kai Cao and Anil K. Jain published a new paper describing a <$500 method for using a 300dpi scan of a fingerprint (which can be captured from a fingerprint sensor itself) to produce a working replica printed with conductive ink fed through a normal inkjet printer, in a procedure that takes less than 15 minutes.
Biometric identifiers are the new hotness in information security, but have significant deficits as authentication tokens, including the fact that biometrics are intrinsically leaky (you reveal your retinas by looking at things and your gait by walking, and shed DNA and leave fingerprints behind everywhere you go) and they can't be revoked once they leak (you can't get new fingerprints when griefers dump your existing ones on the Internet).
People have been hacking fingerprint sensors with gummi bears for more than a decade. In 2013, researchers from the Chaos Computer Club (which had previously dumped 10,000 copies of a scan of the fingerprints of a German government official who'd pushed for biometric ID cards) showed they could create working fake fingers out of gummi that unlocked iPhones, developing a good generalised critique of fingerprint readers in the process.
Fingerprint readers have a legal deficit in the USA, too: though the Fifth Amendment protects people in the USA from being compelled to reveal their phones' unlock codes, it does not prevent the police from forcing you to use your fingerprint to unlock your device (the logic being that the Fifth prevents the compelled disclosure of something you know, but not the compelled production of something you have, including your fingerprints).
The MSU researchers' attack on fingerprint readers worked well on various Samsung phones, and less well on some Huawei phones. However, this is preliminary work; with further research the pair may well discover tunings and optimizations for each sensor's idiosyncrasies.
In summary, we have proposed a simple, fast and effective method to generate 2D fingerprint spoofs that can successfully hack built-in fingerprint authentication in mobile phones. Furthermore, hackers can easily generate a large number of spoofs using fingerprint reconstruction [3] or synthesis [4] techniques which is easier than 2.5D fingerprint spoofs. This experiment further confirms the urgent need for antispoofing techniques for fingerprint recognition systems [5], especially for mobile devices which are being increasingly used for unlocking the phone and for payment. It should be noted that not all the mobile phones can be hacked using proposed method. As the phone manufacturers develop better anti-spoofing techniques, the proposed method may not work for the new models of mobile phones. However, it is only a matter of time before hackers develop improved hacking strategies not just for fingerprints, but other biometric traits as well that are being adopted for mobile phones (e.g., face, iris and voice).
Hacking Mobile Phones Using 2D Printed Fingerprints [Kai Cao and Anil K. Jain/Department of Computer Science and Engineering, Michigan State University]
(via /.)