The Context:
Owners of almost every Android smartphone and iPhone have a security weakness to worry about. Hackers claim they can beat any fingerprint scanner in just 20 minutes, which means that using a fingerprint to unlock a phone, or the apps on it, can't be relied upon.
The hackers, working with the X-Lab security research team at Tencent, have demonstrated how any fingerprint scanner can be beaten using equipment costing $140 and an app that analyzes photographs of your print. The bad news is that fingerprints can be stolen and, unlike a passcode, you can't change your fingerprint, so a single credential theft creates a lifetime vulnerability.
How is the hack carried out?
Fingerprints left on a smartphone when you touch the glass are photographed using a smartphone and passed through an app that the hackers have developed. The app extracts the data required to clone a fingerprint, preferably using a 3D printer. A 3D-printed mold lets any fingerprint image be transformed into a working model of that print.
The cloned fingerprints are then used to unlock smartphones. Three different scanning technologies are used across the smartphone industry: capacitive, optical, and ultrasonic. The hackers defeated all three technologies, and the entire process, from photographing the fingerprint to unlocking the device, took 20 minutes.
As the precise methodology wasn't revealed at the Shanghai 2019 conference, it is impossible to say how easy it would be for others to replicate the fingerprint hacking process. However, there have been numerous examples of fingerprint cloning that have worked in the recent past, including the use of tinfoil and hot-glue guns, AI print cloning, and 3D printing itself.
Recently, Samsung confirmed the same flaw in the fingerprint technology used by the flagship Galaxy S10 and Note 10 smartphones that enabled the security to be bypassed using nothing more elaborate than a $3 screen protector.
What should you do to mitigate the fingerprint hacking risk?
The first step you can take is to clean everything that you have touched, which is obviously hard to adopt in the real world. The fingerprint problem has always been there, and most of the hacks involve capturing an image of a print you have left behind on glass or a similar surface. You can also consider switching to a different security mechanism on your phone, such as the trend-setting facial recognition, or just a really lengthy PIN. The following are some basic prevention steps:
- As fingerprint usage rises, so does the risk of exposure to hacking and the need for end-to-end encryption of fingerprint sensors. Even with fingerprint readers on most phones, biometrics is still a long way from becoming the primary way into our devices.
- Smartphone biometrics is the use of biometrics to secure a smartphone from unauthorized access and theft. The use of fingerprint, iris, and face as owner identification is already available in some smartphones.
- Before putting your trust in a fingerprint scanner, look for its False Acceptance Rate (FAR) statistics. The FAR percentage is the chance of an unapproved fingerprint gaining access to a system. The lower the percentage, the better the chance that your scanner will reject an unapproved fingerprint.
- Stop the fingerprint acquisition in the first place, as there's nothing you can do to prevent the hackers from making a model of it once they have it. Wearing gloves isn't practical, but it's good to be aware of the possibility of your fingerprint leaking into the public eye.
- Sometimes, a hacker doesn't need to perform any advanced techniques to get your fingerprints, as they can use the remnants left over from a previous fingerprint scan. The best defense is to wipe your fingerprint scanner regularly. A scanner naturally ends up with your fingerprint imprinted all over it, so it's crucial to keep it clean of your prints.
While fingerprint scanners are a useful tool, they're far from impenetrable. Even with fingerprint readers on most phones, biometrics is still a long way from becoming the primary way into our devices. Hopefully a solution to this vulnerability is released soon and biometrics on smartphones become safe.