While adding fingerprint scanners to mobile phones seems to be a great new way to allow devices to be better secured without requiring the user to remember a lengthy password, it has been found that such scanners can easily be fooled. Apple’s Touch ID was broken by play-doh last month, now it is Samsung and Huawei’s turn in the spotlight, with the sensors on Galaxy S6 and a Huawei Honor 7 being cheated by researchers from Michigan State University.
The tools required to get into these devices was nothing more than a basic inkjet printer loaded with special ink and paper by Kai Cao and Anil Jain from the Michigan State University department of computer science and engineering. The researchers took scans of the fingerprints required to unlock the devices and printed them in 2D using the special conductive ink and paper that is designed for printing electronic circuit boards and other systems that carry an electric charge.
This wasn’t just a one-time trick either, with the researchers able to replicate the technique multiple times for different sets of fingerprints, with the whole process taking very little time using common equipment. This is one-step better than most other methods of bypassing fingerprint scanners, which typically require an imprint of the fingerprint in 3D, often requiring specialist techniques or actions by the ‘victims’ beyond a simple scan.
The number of smartphones this may affect is currently unknown, with the scanner used in the Galaxy S6 and Honor 7 being common across a number of devices including a number of Nexus phones and the LG G5. The attack does not pose a strong risk to most users, however, as it is unlikely that many attackers will be able to acquire a set of fingerprints at a high enough resolution to use, but for those in possession of prints, such as law enforcement agencies, this could be an easy way to break into the devices of criminals that are secured by fingerprint scanners.