Fingerprint-Protected Phones Vulnerable To Inkjet Attack (softpedia.com) 56
An anonymous reader writes: Two researchers have come up with a new method of hacking smartphones that use fingerprint biometrics to protect and lock the user's data. Their method only needs a regular inkjet printer, three AgIC silver conductive ink cartridges, a normal black ink cartridge, and special AgIC paper. The entire attack takes no more than 15 minutes. Current tests only included a Samsung Galaxy S6 and a Huawei Hornor 7. The researchers said that while the Samsung was easy to crack, the Huawei phone needed more tries.
Re: First Post! (Score:1)
As TFA says, the Iphone sensor was already hacked by the CCC. I don't see why the new simpler method shouldn't also work on Iphones.
Re: (Score:1)
Well, Duh... (Score:5, Insightful)
We keep seeing this over and over again with bio-metric "security". Bio-metrics are not passwords, and should never have been considered as passwords. Bio-metrics are USER ID's, nothing more. They only identify individual users, they do not authenticate them.
Re: agreed (Score:1)
And? Mother's maiden name falls under one of those categories too, but that doesn't mean either is a good authentication factor.
Re: (Score:2)
"And? Mother's maiden name falls under one of those categories too, but that doesn't mean either is a good authentication factor."
Not everybody has one of those. I'm from Luxembourg and we have the french system.
"Since the 1789 Revolution, the law stipulates that "no one may use another name than that given on his birth certificate"
Re: another name (Score:1)
Re: (Score:3)
They only identify individual users, they do not authenticate them.
But... but... even if you've stolen somebody's phone you still need a copy of their fingerprint to use this method. You'd need to get hold of something they'd handled recently, preferably with a nice shiny glass or plastic surface, like maybe a.... Oh, wait, yeah, a mobile phone. :-)
Seriously, though - there is a role for "weak" protection like this as a "line in the sand" - if you have to break a security measure, however feeble, then its hard to subsequently claim innocence or good faith. That's fine, p
Re: (Score:2)
Indeed and around here most phones are stolen by crack-heads and the like; there's no way they'll do anything sophisticated. If they can't unlock it immediately they'll try to fob it off on somebody who doesn't realize it's locked or sell it for parts (screen).
Re: (Score:2)
You'd need to get hold of something they'd handled recently, preferably with a nice shiny glass or plastic surface, like maybe a.... Oh, wait, yeah, a mobile phone. :-)
Or you simply cut off their finger.
Definitely don't identify. A PIN or physical key (Score:2)
Today's consumer biometrics really are a lot like PIN numbers or physical keys made of brass. If a particular scanner has a one-in-million chance of a false match, that means that hundreds of people in the US will have the same type of fingerprint, within the ability of the system to classify them. That is, one scan of my finger is unlikely to "match" a scan of YOUR finger, but it's very likely to match the scan of SOMEONE'S finger. Much like some people will use the same PIN number on their debit card, b
iPhone5S or GTFO (Score:3, Interesting)
Clearly their tests didn't work against the industry standard-bearer for biometric login, or their title would be different. So has anyone done work on this since the CCC show an expensive, detailed attack?
Re:iPhone5S or GTFO (Score:4, Insightful)
If it had worked on an iPhone, the headline would've said "iPhone fingerprint sensor easily defeated with an inkjet printer". The Android phones wouldn't have been mentioned until page two or three of the article.
Lol (Score:1)
Or they could be a fan boy like the parent post and not try lol
Re: (Score:1)
Re: (Score:2, Insightful)
Re: (Score:1)
Of course the media isn't going to report on Android security being broken. Pretty much everyone already knows that Android isn't secure. Customers don't have an expectation of security when buying Android devices like they do when buying iPhones. That's a fact demonstrated by many surveys of consumers. If you're wanting the mainstream media to run articles about Android being vulnerable to attacks, they should probably also start running stories about how water is wet, the sun goes below the horizon at nig
Re: (Score:2)
> a fact demonstrated by many surveys of consumers
Citations or GTFO
Re: (Score:1)
I looked at the article summary, and felt refreshed that it wasn't more spam about Apple's Iphone. Thanks for making sure to compensate for that down here in the comments.
Re: I'm actually surprised (Score:1)
Then this should be good news for you. They don't need to cut off your finger and pump warm saline through it. One fingerprint is enough.
An iPhone can be unlocked with glue... (Score:3)
Here's another video showing how easy the iPhone can be unlocked by a spoof: https://www.youtube.com/watch?... [youtube.com]
So, why bother with this inkjet setup? it seems complicated compared to just using glue or what appears to be tape.
Re: (Score:1)
So, why bother with this inkjet setup? it seems complicated compared to just using glue or what appears to be tape.
This is just conjecture, but maybe that trick doesn't work on anything but an Iphone? Possibly this more extreme method is needed for other brands of smartphone?
Is this supposed to be new? (Score:2)
The German CCC (Chaos Computer Club) did this [dasalte.ccc.de] already 2004 and went on to "publish" the finger print [www.ccc.de][sorry, in German only] of the then German minister of the interior tele-photoed of a glas used during a press conference.
So what is new now? Using a 3D printer instead of a laser printer?
Using conductive ink... (Score:2)
...in an inkjet instead of a laser printer.
Presumably, as it is not stated in the paper as an issue per se, [msu.edu] this method should get around safeguards intended to prevent using printouts - by requiring the fingerprint to be conductive to electricity.
Which would probably work with a wet printout as well.
my fingers are too exposed (Score:1)
I'll use my genital warts pattern for authentication from now on.
I wonder (Score:1)
How many of those fingerprints wind up in a government data base.
No problem (Score:2)
No gummy bears? (Score:2)
Fingerprint scanners have long been proven vulnerable to the most elementary of attacks. There is a stack of references to gelatin based fingerprint replication, including http://www.theregister.co.uk/2... [theregister.co.uk] And MythBusters did a very useful comparison of the most robust and expensive fingerprint scanners at https://www.youtube.com/watch?... [youtube.com] .
fingerprints have been spoofed for decades (Score:1)
Two New York State police from Troop C (Binghamton) were convicted and jailed for spoofing fingerprints (and possibly other physical evidence) about 20-30 years ago. IIRC, they used scotch tape to lift the print of the innocent person they wanted to frame and then deposited the print on the piece of evidence connected to the crime.
So, even w/o using computers, fingerprints can be faked. Physical evidence is not as solid as prosecutors claim, but we already knew that from several other convictions for