Hacking Mobile Phones Using 2D Printed Fingerprints
Date: February 19 2016 Publication: MSU Technical Report MSU-CSE-16-2 Source 1: http://www.cse.msu.edu/rgroups/biometrics/Publications/Fingerprint/CaoJain_HackingMobilePhonesUsing2DPrintedFingerprint_MSU-CSE-16-2.pdf Abstract or Summary:
Despite growing usage and claimed security of fingerprint recognition for mobile unlock and payment, spoofing attacks on the embedded fingerprint systems have not been investigated in detail. Spoofing refers to the process where the fingerprint image is acquired from a fake finger (or gummy finger) rather than a live finger. Just a few days after iPhone 5S was released, Germany's Chaos Computer Club hacked the capacitive sensor built in the phone by lifting a fingerprint of the genuine user off a glass surface and then making a spoof fingerprint. A similar spoofing technique was also used to successfully attack Samsung Galaxy S6. There are two limitations of above method of hacking mobile fingerprint reader: (i) the spoof is fabricated manually, where the hacker experience may affect the quality of spoof fingerprint and the accuracy of spoof attack, and (ii) it takes significant amount of time to create a spoof; for example, wood glue takes around 20~30 minutes to get dry. This report presents a simple yet effective method for spoofing the fingerprint sensor embedded in a mobile phone using a 2D fingerprint image printed on a special paper. Do you have additional information to contribute regarding this research paper? If so, please email siteupdates@passwordresearch.com with the details.
<-- Back to Authentication Research Paper Index |