Fingerprints are unique and can serve as dependable biometric authentication for devices. However, researchers have managed to successfully unlock multiple modern-day devices using cloned fingerprints made using rudimentary tools such as a printer, and carpenter’s glue.
Biometric authentication was supposed to be the pinnacle of security as each person has a unique fingerprint. However, researchers have successfully duplicated fingerprints and proved that it works really well on iPads, iPhones, and other devices that feature a fingerprint scanner.
Researchers use cloned fingerprints for biometric authentication without using any sophisticated or uncommon tools:
Biometric authentication is way more superior to passwords and PINs. Fingerprints are unique, unlike passwords, which Internet users clone repeatedly across multiple services.
However, researchers have reportedly managed to “lift and copy” fingerprints that people casually leave behind on multiple surfaces. Fingerprints exist even on the very devices they protect.
Your Fingerprint Can Be Hacked For $5. Here’s How. – Kraken Blog https://t.co/FiH3uLNzp5
— Laurent Espitallier (@FrenchHope) November 22, 2021
Not to mention, public places are teeming with fingerprints. Previously, security researchers have demonstrated how biometric authentication systems are vulnerable. But exploits that fooled these systems needed sophisticated systems.
Internet users could rest easy because the high cost of acquiring these systems usually defeated the purpose of bypassing biometric security. But, a cheap method to acquire fingerprints could completely unravel the security layers protecting devices and accounts.
Kraken has published research on Friday about how an attacker could bypass fingerprint scanners with wood glue: https://t.co/vgrVFxyIw0
However, the technique isn't new and was detailed by Cisco Talos first, back in April 2020: https://t.co/k71E3gDofg pic.twitter.com/59RzEsEkwf
— Catalin Cimpanu (@campuscodi) November 22, 2021
Researchers working at Kraken Security Labs have managed to do exactly that. Using commonly available and inexpensive materials, researchers recreated fingerprints. These cloned fingerprints successfully unlocked most modern-day devices relying on biometric authentication systems.
A clear image of a fingerprint, a printer, and some carpenter’s glue is all that is needed to defeat fingerprint-based biometric authentication?
Movies have routinely shown fingerprints can be easily obtained from multiple surfaces. Shiny surfaces, such as a phone, mirror, and even tabletops, are common places where fingerprints appear, routinely in concerning detail.
As the team demonstrates, it is surprisingly easy to “lift and steal” a fingerprint. Attackers merely need a clear image of the same. Most modern-day smartphones have cameras with astonishing capabilities and can offer images of fingerprints.
Thereafter, attackers can clean the image and obtain outlines of the stolen fingerprint. A printer that can print on clear acetate sheets then offers a printed copy of the fingerprint. Some wood glue carefully smeared over the printed fingerprint gives a cloned fingerprint in amazing clarity.
Concerningly, attackers can reuse such stolen fingerprints because the wood glue is surprisingly resilient to damage, and retains the printed fingerprint.
Hacking Fingerprints Is Actually Pretty Easy—and Cheap! Kraken Security Labs demonstrates a way to hack someone's fingerprint with $5 worth of supplies 👀 https://t.co/nPvwDSDkok
— ReconSecureComputing (@SecRecon) November 22, 2021
The Kraken team discovered that such stolen and printed fingerprints can fool state-of-the-art fingerprint sensors.
“We were able to perform this well-known attack on the majority of devices our team had available for testing. Had this been a real attack, we would have had access to a vast range of sensitive information.”
The simple and oft-repeated advice to defeat such thefts from becoming successful is to use Multi-Factor Authentication (MFA) or at least Two-Factor Authentication (2FA).