Third, when the researchers finally managed to make a proper model, it turned out that the polymer it was made of was too hard, and not a single scanner was fooled by it. Second, the photopolymer used in the budget 3D printer had to be heated after printing, which altered the dimensions of the model. First, the program in which the researchers created the drawing did not allow them to set its size.
Next, the flat image has to be turned into a 3D model and printed on a 3D printer. So it’s not impossible to find scanned fingerprints online or buy them cheaply on the darknet. This method is technically more complicated, but the good news for petty thieves is that not all companies that handle biometric data store it reliably. Method 2: Get hold of a scanner imageĪnother way is to get hold of a fingerprint taken with a scanner. The obvious difficulty is that the attacker needs the victim to be in a suitable state and physically accessible. Any soft material that sets is suitable for example, modeling clay.Īn attacker can then use the mold to make a fake fingertip. It is possible to take a mold of the target fingerprint when, say, the victim is unconscious or indisposed. The research team found three ways to do that. To make a physical copy of a fingerprint, you obviously have to acquire one. If the settings are stricter and the margin of error is lower, the scanner is harder to trick, but the gadget is also more likely to fail to recognize its real owner. The higher that margin, the easier it is to fake a fingerprint. Because no existing fingerprint-reading method is perfect, each manufacturer allows a certain margin of error. Having gotten your fingerprint, the scanner or operating system matches it against the one stored in the device. What’s more, it “hears” not only the part of the finger close to the surface, but also the edges further away from the sensor, so that the image is closer to three-dimensional, which helps the scanner detect fakes using flat copies of prints. This type of scanner does not need to be in contact with the finger, so it can be located under the screen.
Greater contact (fingerprint ridges) causes more discharge gaps between the skin and the sensor (fingerprint valleys) cause less. When the finger touches the scanner, it discharges these capacitors. They create an image by means of a small electric charge generated by miniature built-in capacitors that can store electricity.
Capacitive scanners are the most common.The Cisco Talos team focused on the three most popular: Each type of scanner recognizes fingerprints in its own way. The basic idea is simple: Place your finger on a smartphone or laptop scanner or smart lock and the sensor extracts an image of your fingerprint. Fingerprint authorization - theoryįirst, a refresher on how fingerprint scanners work. Our colleagues at Cisco Talos decided to see how easily they could trick various types of fingerprint scanners in modern devices, or whether the technology is at last secure. Last year, for example, manufacturers began equipping smartphones with ultrasound fingerprint scanners concealed under the screen, doing away with the need for additional panels and being, at least in theory, more secure. But technology never stands still, and improvements showed hope. Back in 2013, shortly after the release of the iPhone 5S with TouchID, researchers showed the technology was crackable by photographing a fingerprint on a glass surface and using it to make a mold that could fool the system.
KasperskyPremium Support and Professional Servicesįor years, the security of fingerprint-based authorization has been a topic of fierce debate.
Kaspersky Internet Security for Android.