New Research Finds That Fake Fingerprints Unlock Mobile Phones With A Pass Rate Of 80%

No technology is absolutely safe.

“Bypassing Touch ID is no challenge at all,” said hackers in 2013 when they defeated Touch ID with fake fingerprints less than 48 hours after the iPhone 5S technology was launched.

Although iterative technology upgrades keep raising the bar for defeating fingerprint unlocking, fingerprint recognition is still not all that secure.

This story starts with research from Talos Security Group.

The pass rate of fake fingerprints is as high as 80%

Recently, according to foreign media reports, Talos Security Group carried out a study. Over a few months, they spent $2,000 testing fingerprint authentication provided by Apple, Microsoft, Samsung, Huawei and three lock manufacturers. The results show that fake fingerprints can fool your phone and successfully unlock it with an 80% success rate.

This rate is based on the results of 20 attempts made with the fake fingerprints the researchers created.

“This success rate means that we have a high probability of unlocking before any tested device re-enters the PIN unlocking system,” the researchers said.

In addition, the study pointed out that the devices most vulnerable to fake fingerprints are AICase padlocks. Huawei’s Honor 7x and Samsung’s Note 9 Android phones have a success rate of almost 100%, followed by fingerprint authentication on the iPhone 8, MacBook Pro 2018 and Samsung S10, where the success rate exceeds 90%.

It should be noted that the success rate against Windows 10 devices and USB drives is almost zero. Windows 10 achieves better results because the comparison algorithm on all of these machines resides in the operating system, so the result is shared across all platforms. However, this does not mean that they are completely safe, only relatively so.

So how did they come to this conclusion?

How did fake fingerprints escape the “legal eyes” of fingerprint authentication?

To understand how mobile phone fingerprint authentication can be fooled, you first need to know how fingerprint authentication works.

Touch ID first appeared on the iPhone 5s, released in 2013, which included an area called the Secure Enclave to protect passwords and fingerprint data. Touch ID uses “hardware locking” technology: each Touch ID component is paired with only one processor, ensuring safety.

But for a long time, one of the core ideas of fingerprint unlocking has been to guess, based on evidence, which fingerprint you presented.

The unlocking logic is as follows: the sensor first records the fingerprint's feature points; then, when unlocking, it verifies the feature points in the small area you touch and infers the entire fingerprint from them. That is why your fingerprint should be recorded thoroughly, front and back, while a light touch is enough when unlocking.

This is why, as the sensing area of Apple's Touch ID grew larger over time, it became both safer and more efficient.

The unlocking process generally works like this: either all the feature points match and the attempt passes, or a single wrong feature point rejects it outright. Approval must be unanimous, and one vote is a veto.

But in reality, some fault tolerance is needed for the sake of unlocking speed and efficiency. What if there is some sweat or dust on your hands and only 80% of the feature points can be matched?

So at this point, fingerprint unlocking needs to be fault-tolerant.

In addition, there are generally three kinds of sensor to choose from: capacitive, optical and ultrasonic. Capacitive and optical fingerprint recognition have the longer development history, are the most commonly used by mobile phone manufacturers, and are the most commercialized. Ultrasonic fingerprint recognition has the shortest development history: it went through a first generation in 2015, a second generation in 2017 and a third generation in 2019 before achieving large-scale commercial use. Human fingerprints are like mountains, with raised ridges and concave valleys. The acoustic pressure readings differ between ridges and valleys, so the readings returned to the sensor can show a detailed 3D image of the fingerprint.

Based on this, the researchers designed three techniques for collecting target fingerprints.

The first is direct collection, which involves a target pressing a finger on a brand of clay called Plastiline. In this way, the attacker gets the negative of the fingerprint.

The second technique is to have the target press a finger on a fingerprint reader, such as those used at airports, banks, and border crossings, and the reader will then capture the printed bitmap image.

The third is to capture fingerprints on glasses or other transparent surfaces and take photos of them.

After a print has been collected using the fingerprint reader or photo method, some optimization is usually required. For example, for fingerprints recorded on a fingerprint reader, multiple images must be merged together to create an image large enough to convey a real fingerprint.

Take, for example, the fingerprints obtained by the FBI from the Prohibition-era gangster Al Capone.

First, the researchers polished the fingerprints captured on the glass and then photographed them with filters to increase contrast. Then, they used digital sculpting tools, such as ZBrush, to create a three-dimensional model from the two-dimensional pictures. Finally, they copied the fingerprints onto the mold, which was made of fabric glue or silicon. (To counter capacitive sensors, the materials must also include graphite and aluminum powder to improve conductivity.)

To pass as a real finger, the mold must be precisely sized. A deviation of only 1%, too large or too small, will cause the attack to fail. Therefore, the mold must be cured to harden it and remove toxins, and then finished with a 3D printer with a resolution of 25 microns or 50 microns, at which point the fake fingerprint mold is complete. The researchers pressed the mold on the sensor to see whether it accepted the fake fingerprint as a real one and unlocked the phone, laptop or lock.

The results show that direct collection works best. But the higher success rate of direct collection does not necessarily mean that it is the most effective collection method in real-world attacks, because it requires deceiving or forcing the target to press a finger on a piece of rough clay. In contrast, it may be more practical to obtain fingerprints from a fingerprint reader or from a photo of a smudge on glass.

Of course, the point of this research is not to tell you how to make fake fingerprints, but to show that no technology can achieve real security. As technology iterates, there is never 100% absolute security; security has always been an escalating contest between offense and defense, so a security system should never be designed to depend on a single point. The more important question is how we prevent such attacks.

For manufacturers, the best mitigation is to limit the number of attempts. For example, Apple restricts users to five attempts before asking for the PIN on the device.
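As an added illustration (not part of the original article or the Talos study), the Python sketch below models an attempt limiter with PIN fallback and computes how likely a fake print is to be accepted before the fallback triggers. It assumes every attempt is accepted independently with the same probability `p`; the class and function names are hypothetical, and the rates other than 0.8 are constructed.

```python
import random
from dataclasses import dataclass


@dataclass
class BiometricGate:
    """Hypothetical attempt limiter: after max_failures consecutive
    rejected prints, only the PIN can unlock the device."""
    max_failures: int
    failures: int = 0

    @property
    def pin_required(self) -> bool:
        return self.failures >= self.max_failures

    def present_print(self, matcher_accepts: bool) -> str:
        if self.pin_required:
            return "pin_required"      # biometric path is closed
        if matcher_accepts:
            self.failures = 0
            return "unlocked"
        self.failures += 1
        return "pin_required" if self.pin_required else "rejected"


def spoof_success_before_pin(p: float, max_failures: int) -> float:
    """Chance that at least one of max_failures tries is accepted,
    assuming independent tries with per-try acceptance rate p."""
    return 1.0 - (1.0 - p) ** max_failures


def simulate(p: float, max_failures: int, trials: int = 20000, seed: int = 1) -> float:
    """Monte Carlo check of the closed form, driven through the gate."""
    rng = random.Random(seed)
    wins = 0
    for _ in range(trials):
        gate = BiometricGate(max_failures)
        while not gate.pin_required:
            if gate.present_print(rng.random() < p) == "unlocked":
                wins += 1
                break
    return wins / trials


if __name__ == "__main__":
    for p in (0.8, 0.1, 0.01):   # 0.8 is the article's figure; the others are constructed
        for limit in (5, 3):
            print(p, limit, round(spoof_success_before_pin(p, limit), 4),
                  round(simulate(p, limit), 4))
```

Under these assumptions, a five-attempt limit still leaves a fake print with an 80% per-try rate a 99.97% chance of unlocking before the PIN is demanded. The limit only becomes a strong control when the matcher's per-try acceptance of fakes is already low.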

Freelancer Blogger and Writer. I am now studying CSE at Chengdu University Of Technology. Feel free to contact me.
