Chinese security researchers from X-Lab security at Tencent challenged fingerprint security during a presentation at the GeekPwn 2019 conference in Shanghai, Forbes writes. The team claims that they can hack almost any Android or iOS device in just around 20 minutes using what appears to be a fairly straightforward fingerprint hacking method.
Without giving too much detail about the audience’s actual technical approach, the researchers used a smartphone to take a photo of the fingerprints left on a glass and executed the photo through an app they developed. They were then able to access three different phones equipped with different scanning technologies, each with capacitive, optical and ultrasonic sensors. A pair of event fingerprint scanning machines were also defeated in the demo. According to Forbes, a 3D printer was probably used to recreate the fingerprint. The hardware behind the experiment costs as little as $ 140, according to Chen Yu, one of the team members.
While the method requires the attacker to have physical possession of the individual’s phone after collecting a sufficiently clear latent fingerprint, using latent fingerprints, the method requires less cooperation than a fake print hack against the individual. optical sensor from the OnePlus 7 Pro made earlier this year, which requires making a mold from the finger of the target.
South Korean tech company Samsung recently fixed a major security flaw in the biometric fingerprint recognition feature of the S10 smartphone. A number of users have reported that a cheap screen protector makes it easy to bypass the ultrasonic in-screen fingerprint security system and unlock the smartphone with any fingerprint. Soon after, the company released a software update.
access management | biometrics | fingerprint sensors | hacking | smartphones | usurpation | Tencent