How A Printer Can Hack A Phone’s Fingerprint Scanner

The security offered by Touch ID on mobile phones is only as good as the swiftness of the technology, a Michigan State University (MSU) report has found.

The research, which was led by Anil Jain and Kai Cao from the department of computer science and engineering at MSU, successfully demonstrated a technique that anyone could use to break into a cellphone by scanning a 300 dpi fingerprint printed on AgIC paper with conductive silver ink.

While the researchers used a Samsung Galaxy S6 and a Huawei Honor 7 mobile phone to demonstrate the technique, other techniques have earlier demonstrated the ability to bypass fingerprint security on an iPhone 5s, which first introduced fingerprint security into mainstream market.

The latest technique, however, makes it much easier and faster to break into a phone. Germany’s Chaos Computer Club, for example, hacked the capacitive sensor of the phone by lifting a fingerprint off a glass surface and then utilizing it to make a spoof fingerprint.

In another technique, the fingerprint security of a Samsung Galaxy S6 was compromised by photographing the fingerprint and then printing it on a transparent sheet using a thick toner setting and latex milk or white wood glue.

With over 50 percent of smartphones expected to be equipped with fingerprint authentication technology by 2019, the demonstration of a faster hacking process brings to question the viability of using fingerprint authentication for mobile wallets, including Apple Pay, Samsung Pay and Android Pay.

“One of the major pros of a password is how easy it is to reset,” James Lyne, global head of security research at consultancy Sophos, told The Wall Street Journal. “Once you’ve lost a fingerprint, changing these can be extremely difficult.”

While the swiftness of fingerprint security has allowed for faster adoption, a rising number of security concerns has brought about development and usage of alternate biometric methods, including iris scan and voice-powered authentication, as Visa SVP of digital solutions Sam Shrauger pointed out in an interview with WSJ. Using multiple biometric authentication methods on top of good, old passwords is apparently the most secure approach to deal with hacking attempts, he said.