Bypassing Fingerprint Authentication Is Possible In 80% Of Cases - - Alternative View

Bypassing Fingerprint Authentication Is Possible In 80% Of Cases - - Alternative View
Bypassing Fingerprint Authentication Is Possible In 80% Of Cases - - Alternative View

Video: Bypassing Fingerprint Authentication Is Possible In 80% Of Cases - - Alternative View

Video: Bypassing Fingerprint Authentication Is Possible In 80% Of Cases - - Alternative View
Video: Fake finger print making | Cheating attendance in Office | 100% working practically 2024, November
Anonim

Biometric authentication is believed to be a more secure alternative to traditional passwords. Fingerprint authentication is currently the most common form of biometrics and is used in smartphones, laptops and other devices such as smart locks and USB drives.

However, a study by Cisco Talos found that 80% of fingerprint authentication can be easily bypassed.

For their tests, the researchers took fingerprints directly from the target user of the device or from surfaces touched by a potential victim. At the same time, the experts set a relatively low budget for this study to determine what an attacker with limited resources can achieve. So, in total, they spent about $ 2,000 on testing devices from Apple, Microsoft, Samsung, Huawei, and so on.

The experts processed the resulting prints with filters to increase contrast, used a 3D printer to create impressions, and then formed a fake print, filling this form with inexpensive glue. When working with capacitive sensors, materials also had to include graphite and aluminum powder to increase conductivity.

Image
Image

Analysts tested the fake fingerprints on optical, capacitive and ultrasonic fingerprint scanners, but found no significant differences in terms of security. But Cisco Talos notes that they achieved the best performance by attacking ultrasonic sensors, which are the latest and usually built right into the device display.

Test results
Test results

Test results.

The easiest way to cheat with fake fingerprints was the AICase lock, as well as the Huawei Honor 7x and Samsung Note 9 smartphones based on Android. For these devices, attacks were 100% successful.

Promotional video:

Attacks on the iPhone 8, MacBook Pro 2018 and Samsung S10 were almost as successful, with a success rate of over 90%.

Five laptop models running Windows 10 and two USB drives (Verbatim Fingerprint Secure and Lexar Jumpdrive F35) showed the best results: they could not be deceived with a fake.

Thus, in the case of mobile phones, researchers bypassed fingerprint authentication on the vast majority of devices. On laptops, we managed to achieve 95% success (it was especially easy with the MacBook Pro), but it was not possible to bypass the protection of Windows 10 devices on board using the Windows Hello framework at all.

Analysts write that despite the fact that they failed to deceive biometric authentication on Windows machines and USB drives, this does not mean that they are so well protected. It just takes a different approach to crack them. They are unlikely to resist an attacker with a good budget, plenty of resources and a professional team.

While the Samsung A70 has also demonstrated resilience, the researchers explain that its biometric authentication simply works extremely poorly and often does not even recognize real fingerprints that have been registered with the system.

Based on the results obtained, experts conclude that the technology of fingerprint authentication has not yet reached the level after which it can be considered reliable and secure. In fact, the researchers write that smartphone fingerprint authentication has become weaker since 2013, when Apple introduced TouchID for the iPhone 5, and then the system was hacked.

Author: Maria Nefedova