Michigan State Researchers Spoof Galaxy S6 Fingerprint Scanner With Inkjet Printer
Say what now? As rudimentary as that sounds, the researchers demonstrated in a video posted to YouTube exactly how this works. They used a color inkjet Brother MFC-J5910DW printer outfitted with three silver conductive ink cartridges and one normal black cartridge to print out fingerprints that were used to lock down a Samsung Galaxy S6 and Huawei Honor 7. In both cases, the printed fingerprints were successful in unlocking the phones.
"We tried several fingers of different subjects and all of them can successfully hack these two phones. But, Huawei Honor 7 is slightly more difficult to hack (more attempts may be required) than Samsung Galaxy S6," the researchers noted.
The hack isn't quite as simple as the researchers make it sound. For one, they note that it doesn't work on all smartphones, and as device makers implement better versions of fingerprint scanners, this method could become even less effective. But the real caveat is the need to obtain a person's fingerprint. It's not as though you could walk up to a target, pick his pocket, and then ask for a picture of his finger.
On the flip side, the researchers note that fingerprint spoofing isn't new by any means.
"Just a few days after iPhone 5S was released, Germany's Chaos Computer Club hacked the capacitive sensor built in the phone by lifting a fingerprint of the genuine user off a glass surface and then making a spoof fingerprint. A similar spoofing technique was also used to successfully attack Samsung Galaxy S6," the researchers added.
Biometric security is evolving to include face, iris, and voice recognition, though the researchers say it's only a matter of time before hackers develop improved hacking strategies for this additional methods as well.