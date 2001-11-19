Stories
Slash Boxes
Comments

SoylentNews is people

Hackers Unlock any Type of Phone Using Photographed Fingerprints in Just 20 Minutes

posted by martyb on Saturday November 02, @04:26AM   Printer-friendly
from the under-your-thumb dept.
Security

MrPlow writes:

Submitted via IRC for AndyTheAbsurd

Hackers Unlock Any Phone Using Photographed Fingerprints In Just 20 Minutes

According to the Chinese blog Abacus, Tencent's X-Lab team showed how this technique works at the recent GeekPwn 2019 hacking conference in Shanghai. X-Lab's leader Chen Yu asked an audience member to touch a glass and took a photo of the fingerprints.

Yu then ran the photo through an app they have developed in house, which extracts and process the necessary data to clone a physical fingerprint. The team didn't show the physical cloning process, but we can assume that they used a 3D printer like other people have done in the past. He then proceeded to use the cloned fingerprint to open three smartphones that had been registered with the audience member's fingerprint — plus two event registration machines that use fingerprint scanners.

[...] Each of those phones used one of the three existing fingerprint scanning technologies: capacitive, optical. and ultrasonic, like the one in the Samsung Galaxy S10. The latter one is especially worrying, since this technology is supposed to avoid this type of hack by scanning the three-dimensional structure of your fingerprint.

[...] In other words: fingerprint security sucks. And facial identification is not that much better, really. If you are really worried about security, the only thing you can do is probably use a longer password.

Still harder than shoulder-surfing or having no password, right?


«  Google Acquires Fitbit for $2.1 Billion
Hackers Unlock any Type of Phone Using Photographed Fingerprints in Just 20 Minutes | Log In/Create an Account | Top | 1 comments | Search Discussion
Display Options Threshold/Breakthrough Reply to Article Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)

  • (Score: 3, Insightful) by Runaway1956 on Saturday November 02, @04:52AM

    by Runaway1956 (2926) Subscriber Badge on Saturday November 02, @04:52AM (#914951) Homepage Journal

    If you are really worried about security, the only thing you can do is probably use a longer password.

    I would say that if you are worried about security, use that longer password, AND biometrics. Let's back up a bit. "Something you know, something you have, and something you are".

    http://www.pearsonitcertification.com/articles/article.aspx?p=1718488 [pearsonitcertification.com]

    Understanding the Three Factors of Authentication

    Page 1 of 1
    Authentication is the first step in access control, and there are three common factors used for authentication: something you know, something you have, and something you are. This article provides you with good understanding of the three factors of authentication and how they can be used together with multifactor authentication.

    IMO, it has been sufficiently demonstrated that one factor authentication is almost trivially bypassed. Two factor is less trivial, but 2fA is being bypassed. When we are offered three factor, we need to adopt it, and quickly. Meanwhile, the factors all need to be improved upon. A fingerprint scanner, for instance, shouldn't be so easy to bypass. The scanner should be able to distinguish between a living human finger, and some crap stirred into paste or film to resemble a human fingerprint.

    --
    My CoC: do whatever I want to do, and to hell with anyone who is "offended".
(1)