Well, at least a couple fingerprint sensors.
Fingerprint sensors built into smartphones are supposed to be a security feature. But an increasing number of researchers are dismantling them with ease.
A team at Michigan State University recently published a YouTube video describing how they could spoof the fingerprint sensor built into the Samsung Galaxy S6 and Huawei's Honor 7 into believing it was the owner's real finger simply by using special paper and ink.
First, the researchers needed the person's actual fingerprint, so they took the print assigned to the button and scanned it into a computer. From there, they inserted a special AgIC paper into their printer and used AgIC silver conductive ink cartridges. After printing out the fingerprints, they placed them against the devices and they were in.
"We tried several fingers of different subjects and all of them can successfully hack these two phones," the researchers wrote in a report (PDF) published last month. But, the Huawei Honor 7 is slightly more difficult to hack (more attempts may be required) than Samsung Galaxy S6.
AgIC is a special kind of material that effectively turns standard paper into a circuit board. And since it's conductive, it's a perfect material for interacting with a fingerprint sensor, according to the researchers. What's more, AgIC ink and paper isn't hard to come by.
Still, the fingerprint spoof is just the latest way to sidestep sensors. Users have been able to use everything from a heavy amount of ink toner to glue to make a fingerprint sensor believe it's the real thing. In addition to Android-based devices, Apple's iPhone has also been targeted in those experiments.
That said, there is no proof that spoofing has been done on a wide scale. Part of the issue is that the hacker would still need the person's fingerprint. Plus, it can often take significant time to create a fake fingerprint (think of how long it takes for glue to dry alone), which could frustrate some would-be hackers.
But that hasn't stopped researchers from calling on fingerprint sensor makers and smartphone manufacturers to think more about security.
"This experiment further confirms the urgent need for antispoofing techniques for fingerprint recognition systems, especially for mobile devices which are being increasingly used for unlocking the phone and for payment," the researchers said in their statement.
Looking ahead, biometrics is expected to expand to include voice, face, and iris identification. But as with fingerprints, it might eventually be possible for sophisticated hackers to attack those technologies, as well.