New research has found that your fingerprints can be recreated simply from the sounds they make on a touchscreen and then used to attack biometric security measures.
While this sounds like something straight out of the plot of a low-budget spy movie, findings (PDF) from a team of US-Chinese researchers found that by using this technique, they were able to decipher “up to 27 .9% of partial fingerprints.” and 9.3% complete fingerprints in five attempts at the highest security FAR [False Acceptance Rate] adjustment of 0.01%”.
The technique uses a side-channel attack called PrintListener to match an individual's fingerprint to a MasterPrint or DeepMasterPrint dictionary to trick the Automatic Fingerprint Identification System (AFIS) into detecting a legitimate, authorized fingerprint.
Finger Friction Now a Safety Risk
The team of researchers tested their PrintListener technique “in real-world scenarios” that resulted in successful attacks using partial and full fingerprints, significantly surpassing the success rates of MasterPrint dictionary attacks.
As expected, the sophistication of the PrintListener algorithms is immense and a highly complex workflow is required to generate a fingerprint from isolated friction sounds that blend into the background noise of a Discord or FaceTime call.
Then, physiological and behavioral factors must be taken into account as they can influence the sound a finger makes on a screen, which the researchers addressed using a technique known as minimum redundancy and maximum relevance (mRMR) along with a strategy adaptive weighting.
These techniques identify the left loop, right loop, and whorl characteristics of a fingerprint from friction sound characteristics that can then be used to generate synthetic fingerprints. In one in four attacks, the PrintListener technique was able to successfully attack AFIS using partial fingerprints, and in almost one in ten cases using full fingerprints.
There have been significant concerns about threat actors using photographs of people's hands to bypass biometric identification measures, and some people are especially careful when taking photographs.
Via Tom Hardware