acm-header
Sign In

Communications of the ACM

ACM TechNews

Researchers Spoof Phone's Fingerprint Readers Using Inkjet Printers


A finger used for enrollment (left), and a two-dimensional printed  fingerprint image used to unlock a Samsung S6 handset.

Researchers at Michigan State University used commercially available inkjet printers to create two-dimensional copies of fingerprints, which they used to unlock smartphones.

Credit: CSU.MSU.edu

Michigan State University (MSU) researchers used off-the-shelf inkjet printers to demonstrate how fingerprint readers on popular smartphones can be manipulated into unlocking the devices using spoofed fingerprints made with printer inks.

MSU's Kai Cao and Anil K. Jain sought to investigate the overlooked spoofing strategy, which is especially relevant because half of smartphones sold by 2019 are expected to have an embedded fingerprint sensor. "With the introduction of Apple Pay, Samsung Pay, and Android Pay, fingerprint recognition on mobile devices is leveraged for more than just device unlock; it can also be used for secure mobile payment and other transactions," the researchers note.

Cao and Jain used an inkjet printer loaded with three silver conductive ink cartridges and a normal black ink cartridge, and scanned a fingerprint of a phone's authorized user at 300 dpi (dots per inch) or higher resolution. Afterward, the print was reversed or mirrored before being printed onto the glossy side of a piece of AgIC paper. "Once the printed [two-dimensional] fingerprints are ready, we can then use them for spoofing mobile phones," the researchers note.

The spoofed print successfully unlocked Samsung Galaxy S6 and Huawei Honor 7 smartphones.

Cao and Jain say their experiment "further confirms the urgent need for anti-spoofing techniques for fingerprint-recognition systems, especially for mobile devices."

From eWeek
View Full Article

 

Abstracts Copyright © 2016 Information Inc., Bethesda, Maryland, USA


 

No entries found