The tech experts used 3D printed molds to replicate real fingerprint and trick user authentication tech.
Cisco Talos researchers have said they were able to easily trick biometric scanners, gaining access to eight mobile devices.
The process involved using a painstaking replication effort but then quickly accessed the phones.
The researchers used a meticulous process for replicating user fingerprints using 3D-printed molds. In this way, they were able to break through the biometric scanners very easily. Of course, this wouldn’t be possible for the average cybercriminal. It would need someone to have either direct or indirect access to the individual’s fingerprint and mobile device.
Therefore, smartphone users don’t need to worry that cybercriminals will use this strategy to try to gain access to a device if they get their hands on it. In the case of cybercriminals, this type of technique could be used to compromise a device only in a highly targeted and very specific circumstance in which all the right technology, equipment, fingerprints and devices were available to the criminal. That said, it does represent a potential first for researchers who have used something other than an actual fingerprint to break through the device sensor security.
According to Talos, producing the fake fingerprints tricked the biometric scanners about 80 percent of the time.
“This level of success rate means that we have a very high probability of unlocking any of the tested devices before it falls back into the pin unlocking,” said the researchers’ report. “The results show fingerprints are good enough to protect the average person’s privacy if they lose their phone. However, a person that is likely to be targeted by a well-funded and motivated actor should not use fingerprint authentication.”
To collect the fingerprints in order to produce the 3D printed replications, three different techniques were used. The first was a direct collection, copying directly from a person’s finger. The second was through the use of a fingerprint sensor, such as those used by private security companies or border security. The third was by way of a photograph of an object the user had touched, and which clearly showed the fingerprint, such as on glass.
In order to replicate the fingerprints accurately enough for an 80 percent success rate in duping the biometric scanners, quite a bit of trial and error was needed for everything from the shape to the material used for the replication. In the end, they used textile glue.