“Finger-swiping friction sounds can be captured by attackers online with a high possibility” - New research shows your fingerprints can be digitally recreated just from the sounds they make
Keep your fingers to yourself
New research has found that your fingerprints can be recreated just from the sounds they make on a touchscreen, and then used to attack biometric security measures.
While this sounds like something straight out of the plot of a budget spy film, the findings (PDF) from a team of researchers from the US and China show that by using this technique, they were able to crack “up to 27.9% of partial fingerprints and 9.3% of complete fingerprints within five attempts at the highest security FAR [False Acceptance Rate] setting of 0.01%.”
The technique utilizes a side-channel attack called PrintListener to match an individual's fingerprint to a MasterPrint or DeepMasterPrint dictionary to fool the Automatic Fingerprint Identification System (AFIS) into detecting a legitimate and authorized fingerprint.
Finger friction is now a security risk
The team of researchers tested their PrintListener technique “in real-world scenarios” that resulted in successful attacks using both partial and complete fingerprints, significantly outpacing the success rates of MasterPrint dictionary attacks.
As you would expect, the sophistication of the PrintListener algorithms is immense, with a highly complex workflow required to generate a fingerprint from isolated friction sounds that are muddled in the background noise of a Discord or FaceTime call.
Physiological and behavioral factors then have to be taken into account as they can influence the sound a finger makes on a screen, which the researchers addressed by using a technique known as minimum redundancy maximum relevance (mRMR) alongside an adaptive weighting strategy.
These techniques identify the features of the left loop, right loop, and the whorl of a fingerprint from the frictional sound characteristics, which can then be used to generate synthetic fingerprints. In one in four attacks, the PrintListener technique was able to successfully attack AFIS using partial fingerprints, and in almost one in ten cases using complete fingerprints.
There have been significant concerns about threat actors using photographs of individuals' hands to bypass biometric identification measures, with some people exercising extra care when having their pictures taken.
Via Tom’s Hardware
Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division), then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.