Touchscreen Nightmare: Hackers Can Steal Your Fingerprints By Listening To You Swipe
Biometric authentication has become quite prevalent, especially in the mobile device market, where there are now in-display fingerprint readers and other technologies. Estimates state that by 2032, the market size of fingerprint authentication will touch USD 99.9 billion. With this prevalence, research into this area could be incredibly useful for those looking to exploit devices for data theft, but also for improving fingerprint technology overall. Akin to the previously mentioned data theft via keystroke sounds, the researchers in this study propose a side-channel attack against swiping actions to get partial fingerprints.
The attack, dubbed PrintListener, “leverages users’ swiping actions on the screen to extract fingerprint features and synthesize a stronger MasterPrint sequence based on these features to conduct dictionary attacks on users’ fingerprints.” This can be done via social software with voice and video capabilities, to capture what they call “swiping friction sound.” These sounds can then be fed into a prediction model to reconstruct fingerprint images. While not a perfect system, with the capability to “attack up to 26.5% of partial fingerprints and 9.3% of complete fingerprints,” it is still rather concerning.
Though we don’t expect this to be the hot new attack vector for malicious mobile apps and threat actors, it raises some interesting questions about what we generally trust to be secure. Traditionally, biometrics are just a trusted part of security measures and are not often questioned. However, with this new research discovery, it is now feasible to recreate fingerprints to attack sensitive information, payment apps, or other bits of secure information on a device.
