Researchers can unlock some Android phones with inkjet-printed fingerprints

[steven36]

Two researchers have figured out how to unlock some Android-based smartphones with a remarkably low-tech method.

 

 

Michigan State University researchers Kai Cao and Anil Jain have shown in a recently-published paper how they can spoof a phone owner's fingerprints far quicker and easier than previous methods, like using gummy candies.

 

Their trick? Use an inkjet-printed fingerprint.

 

The researchers explained that they can take a high-resolution photo of a smartphone owner's fingerprint, flip it horizontally, then print the photo conductive ink cartridges on the glossy side of a certain kind of paper.

They were able to spoof Samsung's Galaxy S6 and Huawei's Honor 7 devices in separate occasions.

 

It could be seen as a breakthrough by hackers, malicious actors, and law enforcement -- particularly given the recent sensitivity towards US federal agents increasingly demanding access to smartphones.

 

Smartphones in the past few years following the debut of the iPhone 5s are increasingly including fingerprint sensors as a way to beef up device and data security, but no system is perfect.

 

In the weeks following the release of the fingerprint-enabled iPhone, security researchers busted the system wide open using a latex material, earning a massive bounty for their work. Since then, hackers have ramped up their assault on the technology. One case saw researchers remotely stealing locally-stored fingerprints on some affected Android devices.

 

"It is only a matter of time before hackers develop improved hacking strategies not just for fingerprints, but other biometric traits as well that are being adopted for mobile phones," say the researchers.

 

The Source

[RejZoR]

I've always said fingerprint scanners are dumb idea. Why? Because you're leaving god damn key for it everywhere! Everything you touch, you leave a key there (so to speak). Are you doing the same with regular passwords? Nope.

 

Only way to make fingerprint scanner somewhat secure is to:

- scan a fingerprint

- detect surface conductivity

- detect veins in a finger and blood flow through them

- detect finger translucency

 

Then you combine all these characteristics and grant or deny an unlock. And trust me, even all this can be cheated because you still have the master key that everyone is leaving all over the place. You just have to figure out how to bypass all the other security checkpoints. A numerical 4 digit password however has 10.000 combinations. Most phones have a lockdown after 5 failed attempts. What are the odds you're going to cheat password one faster than a fingerprint scanner?

 

Finger print scanners are a cool fancy gimmick for movies, not for reality. Or, if we are honest, fingerprint scanners are useful, if you want to keep your sister/brother away from reading your SMS messages or viewing your photo gallery, because it's convenient. I wouldn't trust protecting seriously sensitive data with it though.

[davmil]

That's only the half of it Rejzor.  Once one's bio-metric passwords are compromised you're screwed.  You can't change them like a regular password.  We need something stronger than regular passwords (universally available 2 factor password strategy/text back temp keys, etc.) but I don't think bio-metrics as currently implemented are going to be the answer.

[davmil]

18 hours ago, steven36 said: