Logging into your phone with a scan of your fingertip is supposed to be the safest way to secure your phone. But a new study shows that may not be the case.
A team of researchers at Michigan State University have shown that for less than $500 they can hack your phone. The method involves scanning an image of someone's fingerprint, reversing the scan so it's correctly oriented and printing it on a special piece of paper with silver conductive ink. Once a fingerprint has been stolen, it can't be so easily replaced.
This is a far simpler exploit than a previously publicized attack which involved taking an image of a user's actual fingertip and manufacturing a fake fingerprint using wood glue or latex. Still others have come up with a range of tactics for stealing fingerprint data, including obtaining a fingerprint scan stored on an actual phone.
Though quick and automated, the study's procedure does have its flaws. It requires a 300 dots-per-inch resolution scan of the fingerprint in order to work effectively and that may be difficult to get.
"Typically [you can get it] with the cooperation of the person (collusion) or if the person leaves a close to complete print on the surface he/she touches," Anil Jain, co-author of the Michigan State University study and professor of computer science and engineering told Mic.
Kai Cao, co-author of the study and postdoctoral researcher at MSU, said the study is aimed at debunking myths that biometric security is a cure-all for mobile identity security. Now, he says, he and Jain plan to develop anti-spoofing technology that would prevent hackers from stealing biometric identification in the future.
h/t Boing Boing