Smartphone Fingerprint Scanners Fooled By Inkjet Printer

0 views
Skip to first unread message

Janet Denzel

unread,
May 29, 2024, 2:10:32 PM5/29/24
to centdawdbumbo

Biometric authentication, such as face IDs, retina scans, and fingerprints, were introduced to our devices to increase security. At first, it felt like it was doing what it was meant to do. Plus, the convenience it brought with it was top-notch.

However, over the past few years, biometrics hacking has become an increasingly popular way for criminals to access sensitive data. Hackers can bypass traditional security measures, such as passwords and personal identification number (PIN) codes, using special tools and techniques to access sensitive information.

Smartphone fingerprint scanners fooled by inkjet printer


DOWNLOAD ————— https://t.co/BVSKj96qZs



Once the attacker has obtained the biometric data, they can use it to impersonate the victim and gain access to their accounts or confidential information. Biometric data is unique to each individual and cannot be easily changed, making it a valuable target for hackers.

There is no such thing as foolproof security, including biometric data. While it is true that biometric data is more secure than other forms of identification, such as a password or PIN, determined hackers can find a way to bypass biometric security measures.

There are a few different ways that biometrics can be hacked. One common method is to use a device called a skimmer. This device can be placed on ATMs or other fingerprint scanner machines. The skimmer collects the information from the finger scan and then creates a fake fingerprint that can be used to access the device.

One of the most famous examples of biometric hacking was when a group of hackers used a skimmer to collect the fingerprints of over 1 million people. They then used these fingerprints to access sensitive information like bank accounts and government records.

In 2015, the U.S. Office of Personnel Management (OPM) was the victim of a massive data breach in which the personal information of more than 21 million people was compromised. The hackers were able to gain access to fingerprint data belonging to 5.6 million individuals, making it one of the largest known breaches of biometric data.

In 2016, a team of researchers from Michigan State University demonstrated that it is possible to create fake fingerprints that can fool fingerprint scanners. The researchers created fake fingerprints using gelatin and inkjet printers. They could use these fake fingerprints to unlock smartphones and laptops equipped with fingerprint scanners.

These are just a few examples of how biometric data can be compromised. As we store more and more personal data in digital form, it is, and will, become increasingly important to consider the security risks associated with these types of data.

Multi-factor authentication (MFA) is a security system that requires more than one method of authentication from independent categories of credentials to verify the user's identity. In other words, it adds an extra layer of security by requiring a second form of identification. There are several reasons why biometrics are more secure with MFA:

To prevent hackers from accessing your systems, it's essential to use strong authentication methods. This includes using multiple-factor authentication, which requires users to provide more than one form of identification.

Another way to protect your business from biometrics hacking is to educate your employees on the risks and how to avoid them. This includes not sharing their biometric information with others, using strong passwords, and being aware of phishing scams.

Several security measures can be put in place to protect your business from biometrics hacking. This includes ensuring that only authorized personnel has access to biometric information, using encryption to protect data, and regularly testing systems for vulnerabilities.

One way to protect against identity theft and biometrics hacking is to stay current. By keeping abreast of the latest news and developments in identity theft and biometrics, you can be better prepared to defend yourself against these threats.

As the world increasingly moves towards a digital landscape, our personal data is becoming more and more vulnerable to theft and hacking. Biometric data, in particular, is a hot commodity for identity thieves and hackers, as it can be used to gain access to sensitive information and accounts.

While biometrics offer a more secure way to protect our data, they are not foolproof. Hackers have found ways to bypass biometric security systems, and as this technology becomes more widespread, we can expect them to continue finding new ways to exploit it.

The best way to protect ourselves is to stay informed about the latest security threats and to use biometric security systems in conjunction with other forms of authentication, such as a PIN or password.

Like most biometric identification systems, fingerprint locks provide adequate protection from malicious attacks, but they can be fooled by criminals to gain access to personal data hidden behind the fingerprint in smartphones or accounts. The use of biometric data for authentication is not new, face recognition, retina scanning, and voice identification are often used as substitutes for passwords. Several methods have been created to hack them, but in the last few years, 3D printing technology made it possible for anyone to create fake fingerprints and use them to gain unauthorized access to a system. At the DEFCON 2020 virtual security conference on August 8, Security Researcher at Dreamlab Technologies and 3D printing enthusiast Yamila Levalle described how she was able to bypass finger authentication using just a UV resin-based SLA 3D printer and $10 worth of materials.

To test the attacks using 3D printing, Levalle used an Anycubic Photon 3D DLP/SLA printer she had at home; UV resin; software to digitally enhance the latent fingerprint; a 3D CAD design tool, like Tinkercad, and a latent fingerprint in glass or a fingerprint ink in paper.

The in-depth how-to guide required to obtain a working fingerprint involved lifting the latent fingerprint with a digital camera that had macro functionality and then, used a digital enhancement tool, such as Python or any kind of graphic software, in order to optimize the lines. Once the enhanced JPG file is converted to an SVG (Scalable Vector Graphics) file it can be imported into Tinkercad, where the dimensions and ridge height are configured to create a 3D model of the fingerprint. This, Levalle claims, is the most important step, making sure that the fingerprint length and width are printed according to the measures of the original latent fingerprint because the correct ridge height will allow the fake fingerprints to work in different sensors and scanners. Human papillary ridges, in general, have a height between 20 and 60 microns, so for this particular research, the 25-micron precision of a UV resin-based device did the job.

It took Levalle ten tries to achieve the optimal printer settings and ridge height. Out of the two options she created, the fingerprint obtained from the 3D mold with liquid latex or wood glue casting worked on all four sensors, from the latest ultrasonic fingerprinting scanning technology used in Samsung S10 smartphones to the older optical fingerprint sensor models, although here she needed to spread cocoa butter lip balm or petrolatum over the fake fingerprint for the sensor to actually recognize it. On the other hand, the positive model 3D printed directly on UV resin only worked with the ultrasonic sensor and one of the opticals, mainly due to the hardness of the resin which failed to be recognized as a finger.

In order to detect presentation attacks on fingerprint systems, Levalle and a team of researchers suggested analyzing the degree of sharpness, color, and luminance levels of the sample, entropy, structural distortions, local artifacts, light absorbance, material elasticity, and moisture content. But even as scanners and security experts become better equipped to detect falsified biometric data, cybercriminals will also be trying their best to create better fakes, and continue zeroing in on data theft.

Biometrics are all the rage. Smartphone companies are replacing traditional passwords with fingerprint scanners, face scanners, iris scanners, and just about every other type of body scanner imaginable.

It's easy to see why people prefer using fingerprint and iris scanners. Unlocking your phone with an iris scanner just feels futuristic. But the harsh reality is these newer methods don't secure your data as well as an old school password.

Let's take the seemingly ubiquitous fingerprint scanner. Most smartphones these days come equipped with some form of fingerprint scanner. Apple introduced Touch ID on the iPhone 5S in 2013, and a host of Android devices had it prior to that. Samsung, for its part, got in on the fingerprint scanner game in 2014 with the Galaxy S5. It's something we've come to expect.

With so many people reliant on fingerprint sensors, you'd think it'd be a pretty safe option. It's sadly not that simple. In 2016, researchers discovered that all it took to trick some phone locks was an inkjet printer and special ink.

And researchers have come up with more creative ways to bypass the fingerprint scanners. In 2017, a group of researchers from New York University and Michigan State University developed a set of so-called "master prints" that successfully unlocked phones 65 percent of the time in a simulation.

Face scanners have proven to be even worse. Samsung's Galaxy S8 face unlock was tricked with a photo. OK, well, surely iris scans are better? Hackers reportedly got around those too, and all it took was a printed photo and a contact lens.

Sure, it takes a little longer to unlock your phone, but just like every other digital habit you've developed over the years, it becomes second nature quickly enough (trust me on this). And anyway, what's a little delay when it comes to securely protecting your device?

The convenience of biometrics makes fingerprint, face, and iris scans seem like a good option, and it's definitely better than no protection at all. However, you may reevaluate the tradeoff of ease for security when some nefarious character snaps your photo and then has his way with your data.

bcf7231420
Reply all
Reply to author
Forward
0 new messages