New research has found that your fingerprints can be recreated just from the sounds they make on a touchscreen, and then used to attack biometric security measures.
While this sounds like something straight out of the plot of a budget spy film, the findings (PDF) from team of researchers from the US and China found that by using this technique, they were able to crack “up to 27.9% of partial fingerprints and 9.3% of complete fingerprints within five attempts at the highest security FAR [False Acceptance Rate] setting of 0.01%.”
The technique utilizes a side-channel attack called PrintListener to match an individual’s fingerprint to a MasterPrint or DeepMasterPrint dictionary to fool the Automatic Fingerprint Identification System (AFIS) into detecting a legitimate and authorized fingerprint.
Finger friction is now a security risk
The team of researchers tested their PrintListener technique “in real-world scenarios” that resulted in successful attacks using both partial and complete fingerprints, significantly outpacing the success rates of MasterPrint dictionary attacks.
As you would expect, the sophistication of the PrintListener algorithms is immense with a highly complex workflow required to generate a fingerprint from isolated friction sounds that are muddled in the background noise of a Discord or FaceTime call.
Physiological and behavioral factors then have to be taken into account as they can influence the sound a finger makes on a screen, which the researchers addressed by using a technique known as minimum redundancy maximum relevance (mRMR) alongside an adaptive weighting strategy.
These techniques identify the features of the left loop, right loop, and the whorl of a fingerprint from the frictional sound characteristics which can then be used to generate synthetic fingerprints. In one in four attacks, the PrintListener technique was able to successfully attack AFIS using partial fingerprints, and in almost one in ten cases using complete fingerprints.
There have been significant concerns about threat-actors using photographs of individuals’ hands to bypass biometric identification measures, with some people exercising extra care when having their pictures taken.
Via Tom’s Hardware
More from TechRadar Pro
Services Marketplace – Listings, Bookings & Reviews