An Inkjet Printer is All You Need to Hack a Smartphone’s Fingerprint Scanner

No two fingerprints are alike. It’s an undisputable fact that’s allowed humanity to make huge strides in criminal justice, record-keeping, and even fortune telling. But one of the greatest advantages of our distinguishable digits? They’re helping us log in to our smartphones securely, via fingerprint scanners.

Now for the twist: turns out it’s surprisingly easy to make copies of fingerprints. That means new opportunities for hackers to break into smartphones that rely on this form of authentication.

Several phones were recently unlocked through their fingerprint scanners, when security researchers printed fingerprints on inkjet printers. Although this technique first surfaced in an academic paper, it has since even been featured in a demonstrative How to Hack a smart phone .

To pull this off, a perpetrator only needs two tools. They need to purchase 1) any ordinary inkjet printer and 2) electricity-conducting specialty ink. Both are easily available on the Web at a cheap price. The smartphone owner’s fingerprints would also need to be captured on an image file, then printed with these tools, in order to work. So the real challenge for cybercriminals would be stealing the fingerprint in the first place.

It may sound far-fetched, but stealing fingerprints isn’t an impossible feat. In 2014, hackers used photographs of the German Defense Minister to reproduce hers. It’s also key to remember that this day in age, our medical and personal data is more vulnerable than ever. Stories appear every day about hacks on hospitals, universities, and businesses hosting the sort of data we use to log in to our devices. In one such act, when the Office of Personnel Management was breached last year, the fingerprints of 5.6 million government employees were stolen.

Just think about it: we all have fingerprints stored in some database, somewhere. In addition, many of us have photos of our hands on the Web—which are likely available to the public.

We are entering an era where biometric data is becoming a substitute for passwords. True, these features are unique for each person. But they may also be available for others to copy. Biometric security concerns are currently a highly debated topic among legal institutions and businesses. But what about the effects on users themselves? For us, the truth is, copying fingerprints isn’t the first instance of biometric hacking, and it won’t be the last.

In all of history, no other human has had your fingerprints. They’re completely unique to you, making them a serious factor in your personal identification. But fingerprint scanners alone are no longer enough to log in to devices securely.

So, as passwords are on their way out, what can you do to stay on top of secure authentication?

  • Enable multi-factor authentication. Many security protocols let you customize settings. Instead of relying solely on fingerprints to access your phone, you can require additional steps such as facial recognition or a PIN. Sure, this may not be as convenient, but it is a small price to pay for making a cybercriminal’s job much more difficult.
  • Know where your phone is. Perpetrators are always looking for access to a device. Even if your biometric information is captured, they’ll need your phone to do the deed. Don’t leave your phone alone, and know its whereabouts at all times.
  • Turn to a secure log in solution. Not all fingerprint scanners, or any biometric authentication methods for that matter, are equal. Look into new solutions, like McAfee True Key, the easier, safer way to unlock your digital world. True Key’s new Master Password Reset feature is also helping users take more control of how they log in. You can visit TrueKey.com to learn more.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @Mcafee_Home on Twitter, and ‘Like’ us on Facebook.

gary

Leave a Comment

1 × 4 =