Fooling Phone Fingerprint Sensors

Forbes describes an interesting 2016 case in which police were unable to lock the Samsung Galaxy S6 that belong to a murder victim.

When Dr. Anil Jain was approached by the Michigan State University Police Department to unlock a murder victim’s Samsung Galaxy S6 using a fingerprint clone, he didn’t think the solution would be so cheap. But he told FORBES that the equipment needed to produce the high-definition print cost under $500. What’s more, he said, the same technique, at the very least, can unlock the Samsung Galaxy S7 and the iPhone 6. And American cops are already hungry to use the hacking technique in other cases where they’re struggling to get evidence from smartphones.

. . .

All Lansing could provide, though, were the prints on file, which were missing parts of the fingers’ ridges and valleys. And the researchers had no idea which finger the man had used on his phone, meaning they’d have to create copies of all 10 digits.

It wasn’t much to go on. But Jain worked alongside Kai Cao, post-doctoral scholar, and Sunpreet Arora, PhD student, to try out numerous methods to unlock the Samsung phone. At first they put together some basic high-definition 2D prints. They failed. The academics, who’ve specialized in biometrics for more than 20 years, then moved to creating a full 3D print, using equipment worth tens of thousands of dollars.

. . .

When they called the police in for a third attempt at cracking the Samsung, the researchers tried three different 2D prints with varying levels of enhancement — going too low or too high wouldn’t match the biometric record on the Samsung device. The third time, they got lucky. In five minutes the device was open and the Lansing cops went away happy. The 3D prints didn’t work at all.

Android really needs to up its security game. It’s ridiculous that iOS is so much more secure in general, and that there’s such a variance in security on Android between manufacturers who add (or don’t) additional security enhancements.

Leave a Reply