Michigan State University (MSU) researchers used off-the-shelf inkjet printers to demonstrate how fingerprint readers on popular smartphones can be manipulated into unlocking the devices using spoofed fingerprints made with printer inks.
MSU's Kai Cao and Anil K. Jain sought to investigate the overlooked spoofing strategy, which is especially relevant because half of smartphones sold by 2019 are expected to have an embedded fingerprint sensor. "With the introduction of Apple Pay, Samsung Pay, and Android Pay, fingerprint recognition on mobile devices is leveraged for more than just device unlock; it can also be used for secure mobile payment and other transactions," the researchers note.
Cao and Jain used an inkjet printer loaded with three silver conductive ink cartridges and a normal black ink cartridge, and scanned a fingerprint of a phone's authorized user at 300 dpi (dots per inch) or higher resolution. Afterward, the print was reversed or mirrored before being printed onto the glossy side of a piece of AgIC paper. "Once the printed [two-dimensional] fingerprints are ready, we can then use them for spoofing mobile phones," the researchers note.
The spoofed print successfully unlocked Samsung Galaxy S6 and Huawei Honor 7 smartphones.
Cao and Jain say their experiment "further confirms the urgent need for anti-spoofing techniques for fingerprint-recognition systems, especially for mobile devices."
View Full Article
Abstracts Copyright © 2016 Information Inc., Bethesda, Maryland, USA
No entries found