Your phone’s biggest vulnerability is your fingerprint

In five minutes, a single person faked a fingerprint and broke into my phone. It was simple, a trick the biometrics firm Vkansee has been playing at trade shows for months now. All it took was some dental mold to take a cast, some play-dough to fill it, and then a little trial and error to line up the play-dough on the fingerprint reader. We did it twice with the same print: once on an iPhone 6 and once on a Galaxy S6 Edge. As hacks go, it ranks just a little harder than steaming open a letter.

Of course, this particular method only works if you have help from the person whose fingerprint you need — and even then, it’s not a foolproof system. As luck would have it, my own fingertips turned out to be too smooth to leave an impression, so we had to rely on our director Phil Esposito, who had his thumb successfully molded and used it to unlock both phones.

It’s also one of the more primitive ways to bypass a fingerprint scanner. I’ve seen researchers at CITER pull off a similar trick with a 3D-printed mold, developed from a stored image rather than a real finger. If the mold is filled with rubber, you can wear that print permanently, and fool any reader small enough to fit on a smartphone. At the CCC conference in 2014, a security researcher called Starbug used those techniques to construct a working model of the German defense minister’s fingerprint, based on a high-res photograph of the minister’s hand...

