Experts from the Cisco Talos conducted a safety study of common fingerprint scanners and their methods of deception by using a copy of the print. The results showed that with a relatively small budget, an attacker can get copies of the prints, working with scanners in many smartphones and laptops in about 80 percent of cases.
Most modern smartphones come with a fingerprint scanner because to use it is much more convenient than entering a long password and safer than simple and short PIN. Have fingerprints, and other biometric characteristics, there is a disadvantage, which is that in the event of leakage can not be changed, unlike a password. However, it is widely believed that to create a quality copy of the fingerprints.
Since entering in 2013, the first iPhone with a fingerprint scanner, researchers in the field of information security verify the security of some popular smartphones, but using different methods and these methods do not always apply in the real world. Researchers from Cisco’s Talos did my research, which came from a deliberately limited budget of two thousand dollars, and also used different types of devices and methods for creating copies of prints.
To check the researchers picked up several phones and laptops from different manufacturers, one tablet (iPad), door lock with fingerprint scanner, and two USB sticks. These devices are installed sensors of three basic types (capacitive, optical and ultrasonic). For each artificial fingerprint was given 20 attempts to unlock any device.
The authors have chosen three methods of obtaining the victim’s prints. The first of these is a direct method in which the finger of a man bent to the soft material. The researchers note that this method is really only applicable if the person is unconscious or drunk. The second method involves the use of the fingerprint scanner. This scenario is real primarily in case of data leakage, for example, which happened last year in the UK and revealed fingerprints of over a million citizens. The third method is the most realistic and implies that the imprint is removed from household objects, such as glass.
After receiving a two-dimensional image with the fingerprint you have to make it monochrome, and then turned into a three-dimensional model, for which the authors used ZBrush. They note that the program is convenient for this task, but they had to create many prototypes, pre-prints, because it is difficult to control the actual size of the print. Molding forms for copies of the prints, the researchers created on a 3D printer, and the copy of a silicone polymer or fabric glue with the addition of powder of graphite and aluminum to increase conductivity.
The test results showed that approximately 80% of the attempts, the smartphone, tablet, laptop on macOS and smart lock allows you to unlock themselves using copies of the print. The researchers found no significant difference between scanners of different types, but as expected found higher accuracy have a direct method of collecting fingerprints by using the soft material.