How can fingerprint scanning be fooled

Fingerprint scanning is something that has become a mainstay in a lot of smartphones, and as a result of the fact that it is so common it has ended up becoming the standard that a majority of smartphones might need to catch up with if they want to remain relevant and competitive in the market that they are currently working in.

It turns out that fingerprint scanning might not be nearly as secure as you might want to believe it is. They used a fake fingerprint tech and made 20 tries on each smartphone, and 4 out of every 5 smartphones they tried this one ended up unlocking even though a fake fingerprint was being used. Did you make this project? Share it with us! I Made It! SpyClub 4 years ago. Reply Upvote. RjR19 SpyClub Reply 5 months ago. Answer Upvote. ShivrajG3 1 year ago on Step 8. Sir I,m intrested Full setup price machine.

If a less-than-stellar service suffers a database breach and they hadn't encrypted their fingerprint images, this would allow hackers to associate your name with your fingerprint and compromise your scanners. Some password managers use a fingerprint scan to identify the user. While this is handy to secure your passwords, its effectiveness is dependent on how secure the password manager software is. If the program has inefficient security against attacks, hackers can exploit it to get around the fingerprint scan.

This problem is similar to an airport upgrading its security. They can place metal detectors, guards, and CCTV all over the front of the airport. If there's a long-forgotten back door where people can sneak in, however, all that additional security would be for nothing! Typically, the best way to avoid this kind of attack is to purchase well-received and popular products. Despite this, household names hold so much data, they become huge targets and suffer attacks as well.

As such, even if you're only using hardware made by reputable brands, it's crucial to keep your security software updated to patch out any problems found afterwards. Sometimes, a hacker doesn't need to perform any advanced techniques to get your fingerprints.

Sometimes, they use the remnants left over from a previous fingerprint scan to get past security measures. You leave your fingerprints on objects as you use them, and your fingerprint scanner is no exception. Any prints harvested off of a scanner are near-guaranteed to be the same one that unlocks it. It's sort of like forgetting the key's in the lock after you've opened a door. Even then, a hacker may not need to copy the prints from the scanner. Smartphones detect fingerprints by emitting light onto the finger, then recording how the light bounces back into the sensors.

Threatpost reported on how hackers can trick this scanning method into accepting a residual fingerprint. Researcher Yang Yu tricked a smartphone fingerprint scanner into accepting a residue fingerprint scan by placing an opaque reflective surface over the scanner.

It is possible to take a mold of the target fingerprint when, say, the victim is unconscious or indisposed. Any soft material that sets is suitable; for example, modeling clay.

An attacker can then use the mold to make a fake fingertip. The obvious difficulty is that the attacker needs the victim to be in a suitable state and physically accessible.

Another way is to get hold of a fingerprint taken with a scanner. This method is technically more complicated, but the good news for petty thieves is that not all companies that handle biometric data store it reliably. Next, the flat image has to be turned into a 3D model and printed on a 3D printer.

First, the program in which the researchers created the drawing did not allow them to set its size. Second, the photopolymer used in the budget 3D printer had to be heated after printing, which altered the dimensions of the model. Third, when the researchers finally managed to make a proper model, it turned out that the polymer it was made of was too hard, and not a single scanner was fooled by it.

As a workaround, instead of a model of a finger, the researchers decided to print a cast, which they then used to make a prosthetic finger from a more elastic material.

Another option, and also the simplest, is to photograph the target fingerprint on a glass surface. The image is processed to get the required level of clarity, and then, as before, goes to a 3D printer. As the researchers noted, the experiments with 3D printing were long and tedious. They had to calibrate the printer and find the right-size mold by trial and error, and the actual printing of each model 50 in total with the required settings took an hour.

Nor is copying the fingerprint of a sleeping victim a super-fast method. Making a mold to fabricate the fingerprint is half the battle. The choice of material for the model itself turned out to be far more difficult, because the fake was bound for testing on three types of sensors, each with a different fingerprint-reading method.