- Sputnik International
Get the latest news from around the world, live coverage, off-beat stories, features and analysis.

That Super-Secure Thumbprint Technology on Your Phone is Now Useless

© Flickr / Japanexperterna.seSmartphone
Smartphone - Sputnik International
US officials assured the hack victims of that massive data breach of federal government workers that technology did not exist to misuse stolen fingerprints, but two researchers just changed that.

Michigan State University researchers Kai Cao and Anil Jain have mastered the art of recreating a fingerprint, rendering common cellphone security measures useless, as announced in a paper published last month. While the researchers aren’t the first to fake fingerprints, their simple method can easily be replicated in any home office.

Hacking - Sputnik International
Teen 'Cracka' Hacker Behind CIA Director's Email Breach Arrested in UK

The revelation is troubling, coming only months after the Office of Personnel Management notified 5.6 million people that hackers had copied their fingerprints in a massive government data breach. At the time, OPM promised that "federal experts believe that, as of now, the ability to misuse fingerprint data is limited."

OPM warned, however, that the possibility that fingerprint records could be used illicitly on a wide-scale "could change over time as technology evolves." As Kai Cao and Anil Jain’s research shows, the technology has, in fact, changed.

How Did The Researchers Streamline Recreating Fingerprints?

Cao and Jain began by installing special ink cartridges and paper into a Brother inkjet printer, such as one you might find in many home offices.  The ink conducts electricity when printed on specialized paper, creating a printed circuit. The researchers then scan a fingerprint in high resolution, mirror it, and print it.

James Clapper, Director of National Intelligence. - Sputnik International
Hacker Strikes Again: James Clapper’s Personal Email Taken Over

Using this simplified fingerprint-spoofing method, researchers then placed the fake print onto fingerprint readers for two popular Android phones, a Samsung Galaxy S6 and a Huawei Hornor 7. Although both phones were designed to unlock only if the owner uses their finger, the fake print fooled readers for both devices.

The announcement, however, is particularly troubling because fingerprints aren’t only for unlocking smartphones, but they are also used to authorize financial transactions. Unlike a compromised password, a compromised fingerprint cannot be reset. That is dire news for the 5.6 million OPM hack victims who may never again have sole ownership of their financial records.

To participate in the discussion
log in or register
Заголовок открываемого материала