Pierluigi Paganini March 11, 2016

Two Computer Science researchers developed a technique to hack a phone’s fingerprint sensor in 15 mins with $500 worth of inkjet printer and conductive ink

The Computer Science researchers Kai Cao and Anil K Jain have developed a new technique for hacking a mobile device’s fingerprint sensor in 15 mins with $500 worth of an inkjet printer and conductive ink.

This kind of attacks is  very dangerous considering that it has been forecasted that 50% of smartphones sold by 2019 will have an embedded fingerprint sensor.

It is also important to highlight that a growing number of features and applications will rely on fingerprint recognition on mobile devices, for example, secure mobile payment and other transactions.

The duo used a 300dpi scan of a fingerprint to produce a working replica printed of a fingerprint in less than 15 minutes, and the original image could be taken from a fingerprint sensor itself.

The computer experts explained that spoofing attacks still represent a serious problem for embedded fingerprint systems.

“Spoofing refers to the process where the fingerprint image is acquired from a fake finger (or gummy finger) rather than a live finger.” wrote the duo in the paper titled Hacking Mobile Phones Using 2D Printed Fingerprints.

A first proof of concept attack of this kind was presented at Germany’s Chaos Computer Club in 2013 to hack an iPhone 5s, in 2014 the German researcher Jan Krissler, aka Starbug, demonstrated at the same hacking conference how to bypass Fingerprint biometrics using only a few photographs.

The principal limitations of the above techniques are the need to fabricate the spoof manually and the fact that this process is time-consuming.

The method developed by the two researchers overwhelms these limitations, it relies on the sensor embedded in the mobile phone and uses a 2D fingerprint image printed on a special paper. The spoof fingerprint is generated automatically, below the steps of the method developed by the researchers:

1. Install three AgIC4 silver conductive ink cartridges as well as a normal black ink cartridge in a color inkjet printers (Brother MFC-J5910DW printer was used by us); better conductivity can be achieved if a brand new (unused) printer is used;
2. Scan the target fingerprint image (of the authorized user) at 300 dpi or higher resolution;
3. Mirror (reverse the image in the horizontal direction) and print the original or binarized fingerprint image on the glossy side of an AgIC special paper;

The MSU researchers demonstrated that the attack on fingerprint readers works on various Samsung mobile devices, and less well on some Huawei phones.

“In summary, we have proposed a simple, fast and effective method to generate 2D fingerprint spoofs that can successfully hack built-in fingerprint authentication in mobile phones. Furthermore, hackers can easily generate a large number of spoofs using fingerprint reconstruction [3] or synthesis [4] techniques which is easier than 2.5D fingerprint spoofs.” states the researchers.

“This experiment further confirms the urgent need for antispoofing techniques for fingerprint recognition systems [5], especially for mobile devices which are being increasingly used for unlocking the phone and for payment. It should be noted that not all the mobile phones can be hacked using proposed method. As the phone manufactures develop better anti-spoofing techniques, the proposed method may not work for the new models of mobile phones. However, it is only a matter of time before hackers develop improved hacking strategies not just for fingerprints, but other biometric traits as well that are being adopted for mobile phones (e.g., face, iris and voice).”

The duo confirmed that this is a preliminary study, they will go deep into the analysis of fingerprint sensor.

Below a video PoC of the method developed by the researchers

Pierluigi Paganini

(Security Affairs – fingerprint sensor, mobile)