“Finger-swiping friction sounds can be captured by attackers online with a high possibility” - New research shows your fingerprints can be digitally recreated just from the sounds they make
Keep your fingers to yourself
New research has found that your fingerprints can be recreated just from the sounds they make on a touchscreen, and then used to attack biometric security measures.
While this sounds like something straight out of the plot of a budget spy film, the findings (PDF) from a team of researchers from the US and China show that, by using this technique, they were able to crack “up to 27.9% of partial fingerprints and 9.3% of complete fingerprints within five attempts at the highest security FAR [False Acceptance Rate] setting of 0.01%.”
The technique utilizes a side-channel attack called PrintListener to match an individual's fingerprint to a MasterPrint or DeepMasterPrint dictionary to fool the Automatic Fingerprint Identification System (AFIS) into detecting a legitimate and authorized fingerprint.
Finger friction is now a security risk
The team of researchers tested their PrintListener technique “in real-world scenarios” that resulted in successful attacks using both partial and complete fingerprints, significantly outpacing the success rates of MasterPrint dictionary attacks.
As you would expect, the sophistication of the PrintListener algorithms is immense, with a highly complex workflow required to generate a fingerprint from isolated friction sounds that are muddled in the background noise of a Discord or FaceTime call.
Physiological and behavioral factors then have to be taken into account as they can influence the sound a finger makes on a screen, which the researchers addressed by using a technique known as minimum redundancy maximum relevance (mRMR) alongside an adaptive weighting strategy.
These techniques identify the features of the left loop, right loop, and the whorl of a fingerprint from the frictional sound characteristics, which can then be used to generate synthetic fingerprints. In one in four attacks, the PrintListener technique was able to successfully attack AFIS using partial fingerprints, and in almost one in ten cases using complete fingerprints.
There have been significant concerns about threat actors using photographs of individuals' hands to bypass biometric identification measures, with some people exercising extra care when having their pictures taken.
Via Tom’s Hardware
Benedict Collins is a Staff Writer at TechRadar Pro covering privacy and security. Benedict is mainly focused on security issues such as phishing, malware, and cyber criminal activity, but also likes to draw on his knowledge of geopolitics and international relations to understand the motivations and consequences of state-sponsored cyber attacks. Benedict has an MA in Security, Intelligence and Diplomacy, alongside a BA in Politics with Journalism, both from the University of Buckingham.