
Fingerprint-Protected Phones Vulnerable To Inkjet Attack (softpedia.com)

An anonymous reader writes: Two researchers have come up with a new method of hacking smartphones that use fingerprint biometrics to protect and lock the user's data. Their method only needs a regular inkjet printer, three AgIC silver conductive ink cartridges, a normal black ink cartridge, and special AgIC paper. The entire attack takes no more than 15 minutes. Current tests only included a Samsung Galaxy S6 and a Huawei Honor 7. The researchers said that while the Samsung was easy to crack, the Huawei phone needed more tries.

  • Well, Duh... (Score:5, Insightful)

    by Anonymous Coward on Sunday March 06, 2016 @03:53AM (#51647365)

    We keep seeing this over and over again with bio-metric "security". Bio-metrics are not passwords, and should never have been considered as passwords. Bio-metrics are USER IDs, nothing more. They only identify individual users, they do not authenticate them.

    • They only identify individual users, they do not authenticate them.

      But... but... even if you've stolen somebody's phone you still need a copy of their fingerprint to use this method. You'd need to get hold of something they'd handled recently, preferably with a nice shiny glass or plastic surface, like maybe a.... Oh, wait, yeah, a mobile phone. :-)

      Seriously, though - there is a role for "weak" protection like this as a "line in the sand" - if you have to break a security measure, however feeble, then it's hard to subsequently claim innocence or good faith. That's fine, p

      • by jimbo ( 1370 )

        Indeed and around here most phones are stolen by crack-heads and the like; there's no way they'll do anything sophisticated. If they can't unlock it immediately they'll try to fob it off on somebody who doesn't realize it's locked or sell it for parts (screen).

      • You'd need to get hold of something they'd handled recently, preferably with a nice shiny glass or plastic surface, like maybe a.... Oh, wait, yeah, a mobile phone. :-)

        Or you simply cut off their finger.

    • Today's consumer biometrics really are a lot like PIN numbers or physical keys made of brass. If a particular scanner has a one-in-million chance of a false match, that means that hundreds of people in the US will have the same type of fingerprint, within the ability of the system to classify them. That is, one scan of my finger is unlikely to "match" a scan of YOUR finger, but it's very likely to match the scan of SOMEONE'S finger. Much like some people will use the same PIN number on their debit card, b

  • iPhone5S or GTFO (Score:3, Interesting)

    by rsborg ( 111459 ) on Sunday March 06, 2016 @04:08AM (#51647391) Homepage

    Clearly their tests didn't work against the industry standard-bearer for biometric login, or their title would be different. So has anyone done work on this since the CCC showed an expensive, detailed attack?

    • by 93 Escort Wagon ( 326346 ) on Sunday March 06, 2016 @04:20AM (#51647407)

      If it had worked on an iPhone, the headline would've said "iPhone fingerprint sensor easily defeated with an inkjet printer". The Android phones wouldn't have been mentioned until page two or three of the article.

      • by Anonymous Coward

        Or they could be a fan boy like the parent post and not try lol

      • by Anonymous Coward
        That is probably true, but I don't understand it. Android phones absolutely trounce Apple in sales, even a single vendor Samsung destroys Apple in total sales yet the press is always more interested in Apple/
        • Re: (Score:2, Insightful)

          They do not just trounce Apple in sales, but often in specs as well. But in terms of profits, Apple solidly beats them. Still, I think the main reason that the press is more interested in Apple is simply because the public is. They still perceive them as the premium brand that sets the yardstick and is more secure than the others. "Huawei Horror 7 fingerprint scanner defeated" will not garner nearly as many eyeballs as "iPhone fingerprint scanner unsafe!" in the tech press, and an article about broken A
          • by Anonymous Coward

            Of course the media isn't going to report on Android security being broken. Pretty much everyone already knows that Android isn't secure. Customers don't have an expectation of security when buying Android devices like they do when buying iPhones. That's a fact demonstrated by many surveys of consumers. If you're wanting the mainstream media to run articles about Android being vulnerable to attacks, they should probably also start running stories about how water is wet, the sun goes below the horizon at nig

    • I looked at the article summary, and felt refreshed that it wasn't more spam about Apple's iPhone. Thanks for making sure to compensate for that down here in the comments.

  • by JackAxe ( 689361 ) on Sunday March 06, 2016 @05:29AM (#51647533)
    Both the iPhone 5c and iPhone 6: https://www.youtube.com/watch?... [youtube.com]

    Here's another video showing how easy the iPhone can be unlocked by a spoof: https://www.youtube.com/watch?... [youtube.com]

    So, why bother with this inkjet setup? It seems complicated compared to just using glue or what appears to be tape.
    • So, why bother with this inkjet setup? it seems complicated compared to just using glue or what appears to be tape.

      This is just conjecture, but maybe that trick doesn't work on anything but an iPhone? Possibly this more extreme method is needed for other brands of smartphone?

  • The German CCC (Chaos Computer Club) did this [dasalte.ccc.de] already in 2004 and went on to "publish" the fingerprint [www.ccc.de] [sorry, in German only] of the then German minister of the interior, tele-photoed off a glass used during a press conference.

    So what is new now? Using a 3D printer instead of a laser printer?

    • ...in an inkjet instead of a laser printer.

      Presumably, as it is not stated in the paper as an issue per se, [msu.edu] this method should get around safeguards intended to prevent using printouts - by requiring the fingerprint to be conductive to electricity.
      Which would probably work with a wet printout as well.

  • by Anonymous Coward

    I'll use my genital warts pattern for authentication from now on.

  • How many of those fingerprints wind up in a government database?

  • The next release (of the phone) will fix this.
  • Fingerprint scanners have long been proven vulnerable to the most elementary of attacks. There is a stack of references to gelatin based fingerprint replication, including http://www.theregister.co.uk/2... [theregister.co.uk] And MythBusters did a very useful comparison of the most robust and expensive fingerprint scanners at https://www.youtube.com/watch?... [youtube.com] .

  • Two New York State police from Troop C (Binghamton) were convicted and jailed for spoofing fingerprints (and possibly other physical evidence) about 20-30 years ago. IIRC, they used scotch tape to lift the print of the innocent person they wanted to frame and then deposited the print on the piece of evidence connected to the crime.

    So, even w/o using computers, fingerprints can be faked. Physical evidence is not as solid as prosecutors claim, but we already knew that from several other convictions for
