Posted on 03/08/2016 7:29:50 PM PST by Swordmaker

Your fingerprint is supposed to be the most secure method of locking your smartphone, but that’s not the case if your device can be easily fooled.
Researchers have been able to hack those from Samsung and Huawei using only an inkjet printer and conductive ink.
“Your fingerprint is one of the best passwords in the world,” said Apple’s Dan Riccio when the company introduced Touch ID, the fingerprint scanner that kickstarted a generation of smartphones with fingerprint scanners, in September 2013.
That may be the case if you use an iPhone, but it seems other devices aren’t quite as good at keeping the bad guys out. Using fingerprints printed from capacitive ink, researchers at Michigan State University were able to fool those used by Samsung and Huawei.
The researchers began by taking high-resolution scans of the smartphone owner’s fingerprint, then printing it onto conductive paper using AgIC conductive ink.
“We enrolled the left index finger of one of the authors and used the printed 2D fingerprint of this left index finger to unlock the fingerprint recognition systems in these phones. We tried several fingers of different subjects and all of them can successfully hack these two phones.”
The Huawei Honor 7 was slightly harder to unlock, requiring more attempts — but Samsung’s Galaxy S6 was much easier to get into. The unlocking process is demonstrated in the video below.
Michigan State YouTube of Samsung Android FingerPrint Hack
Of course, without access to a high-resolution scan of your fingerprint, it’s difficult for a hacker to use this trick to gain access to your device. But this is proof that some smartphone fingerprint scanners can be easily fooled.
Pinging dayglored, Shadow Ace, and ThunderSleeps for your Ping lists to warn Android users with fingerprint security that it ain't safe.
The latest Apple/Mac/iOS Pings can be found by searching Keyword "ApplePingList" on FreeRepublic's Search.
If you want on or off the Mac Ping List, Freepmail me.
Exact terms escape me, but there’s a difference between credentials (known info others are unlikely to supply) vs passcodes (secrets which only the authorized should know). Fingerprints are considered the former a la speed bumps for security, not impenetrable secrets a la 1024 bit RSA keys.
I imagine terrorists and Putinpeople already know this.
And with the technology they have today then a copy of your fingerprints can be transferred to any surface to “Make” you appear guilty of a crime. Something to think about.
Samsung and the other Android makers were so desperate to have an iPhone work-alike they rushed one out. It only scans actual fingerprints. Apple doesn't even scan fingerprints but the subcutaneous fat ridges underneath the fingerprints so a mere copy or photo of a fingerprint cannot work. It is much more sophisticated than a finger"print" scanner. It also somehow requires the finger to be living.
When the iPhone 5S first came out, there were several hackers who claimed they had successfully "hacked" Apple's fingerprint scanners using their own iPhones and either latex copies of their fingers or photocopies. However, it turned out that every single one of them could NOT duplicate the opening of the iPhone if someone else but them wore the copy. When they researched further it was found that the iPhone was reading their fingers THROUGH their attempted FAKE. Put it on someone else's finger and it wouldn't read the right ridges and valleys under the fake and under the other person's skin.
The only system that would work was one that ALSO read the subcutaneous valleys and ridges of fat under the epidermis of the finger, then make a rubberized fake finger that matched those subcutaneous patterns, put fake skin with similar capacitance as a real human finger to make it read like a living finger and THEN, maybe one out of ten tries it might open the iPhone. Very iffy.

And apparently while a password is supposedly still protected by the courts, your finger being used to unlock your phone isn’t. I.e., the bailiffs can hold you down and force your finger onto the sensor to unlock a phone.
iPhone 5S Fingerprint Security Can Be Easily Broken, Hackers Show
My recommendation is to stick with a 6-digit or larger PIN. It's really not much more effort, and with the lockout feature built into the phone is very secure as long as you're careful not to let someone observe what you enter.
If you need my passcode in order to turn the iPhone on, then how does having my fingerprint help you? You still need both things.
The courts have ruled they can take a fingerprint for ID purposes, but NOT for the purposes of unlocking anything protected by biometric means. ID purpose taken fingerprints may NOT be used to attempt to unlock a biometrically locked device. Any such evidence discovered by such use would be inadmissible in a court of law, or anything derived from such evidence. However, any fingerprint taken from an environmental source used for such an unlocking is acceptable and the evidence is admissible.
Original posting on FreeRepublic:
Virginia police can now force you to unlock your smartphone with your fingerprint
I believe I read somewhere his decision in Virginia was reversed, based on judicial error resulting in the case being thrown out.
A court can compel the use of a physical key to a lock but not a combination, a concept that has survived every challenge on that basis, and far far older than smartphone or computer gizmos. That the key is you doesn't change the longstanding legal theory.
Handwriting, fingerprints, iris, DNA - biometric identification for credentials to access personal information can and will be compelled by courts with no taint to the evidence obtained. All are just keys by another name.
The body of rulings protecting passwords is almost as deep as the body of rulings compelling the release of keys.
Gizmos offer security from casual entry, at least an 11 digit pass code offers security from both casual entry and government entry.
So - the nefarious party must have your finger or fingerprint, then must scan that fingerprint (the actual resolution or how much detail must be included is mentioned). THEN - they must have a printer that prints in conductive ink (definitely not a normal, consumer-available product), then must print out several copies to be able to try them out. Certainly within the means of someone after some truly high-value data.
But I'm also curious - what makes Apple's implementation so much more secure?