Skip to main content

Hackers use a photograph of a fingerprint to bypass phone security

GeekPwn 2019
(Image credit: GeekPwn)

It seems that using your fingerprints as a method of unlocking your phone might not be quite as secure as you first though. All it takes to trick a fingerprint reader is a photograph of a print, a special app, and some relatively cheap hardware.

Chinese hackers say they have devised a method for bypassing biometric security on smartphones in just 20 minutes. As Tom's Guide reports, using photographs of fingerprints left on glass, the X-Lab team from Tencent Security showed how it was possible to create cloned physical fingerprints that were sophisticated enough to fool fingerprint scanners.

The team gave a demonstration at the GeekPwn 2019 hacking conference in Shanghai. During it, team leader Chen Yu invited an audience member to touch a glass, and the resulting fingerprints were then photographed.

Using a specially developed app, the photograph was processed and a physical model created using hardware that was not publicly revealed. The exact method used has not been explained, but it is assumed that some sort of advanced 3D printer was used. The technique was used to successfully trick three smartphones and two other machines with fingerprint readers.

Time to wear gloves

As if the ability to bypass the biometric security was not worrying enough, it gets worse. The security breach can be executed in a mere 20 minutes, and it is far from expensive. Speaking to Chinese media, Yu revealed that hardware costing just $140 (about £110, AU$200) was needed, meaning that it's something that's hardly limited to being used by large organisation or rich individuals.

Time to remember to wipe away any evidence you might leave behind after yourself, perhaps... or just take to wearing gloves all of the time! You might also want to consider switching to a different security mechanism on your phone, such as facial recognition, or just a really lengthy PIN.