Researchers at Michigan State University claim to have been able to spoof human fingerprints in a way that tricks smartphone fingerprint scanners into allowing unauthorized access to users trying to hack into devices protected by such technology. According to the report, smartphones like the Galaxy S6 from Samsung and the Honor 7 from Huawei were used to demonstrate the glaring security loophole as a proof-of-concept experiment. The method outlined by the researchers can apparently be replicated by just about anybody. The result comes across as an amazingly simple plan that requires just a few products which are fairly easy to obtain from the open market, including a regular consumer-grade inkjet printer, along with conductive ink cartridges and glossy paper made by AgIC.
For the uninitiated, AgIC is a tech startup based out of Tokyo, Japan. The company was founded in 2014 and was announced to the world as a Kickstarter project in the same year. The company produces conductive inks and special paper that allows users to print electronic circuit boards using inkjet printers. To gain access into somebody else’s smartphone by spoofing their fingerprint, all that is apparently required, is a good photograph of the subject’s fingerprint, which should preferably be obtained from a glass surface for clarity. Once the photograph is in place, users will need to scan it into a computer so that it can be printed onto the glossy paper. Before doing that, of course, the image of the fingerprint needs to be reversed so that it matches the actual orientation of a finger when using the biometric scanner on the smartphone.
The image then needs to be printed onto the aforementioned AgIC paper, with proper care taken to ensure that the size of the printed fingerprint matches that of an actual finger. The image thus obtained, can now be used to gain access to at least the two smartphones that are mentioned above. Of course, the method does not apply to all smartphones that use 2D fingerprint scanners, but with mobile devices being increasingly used for mobile payments and other critically important purposes, the researchers called for smartphone manufacturers to better incorporate anti-spoofing techniques so as to keep the public safe from any security and privacy-related issues arising out of such scenarios.