Fingerprint-Protected Phones Vulnerable To Inkjet Attack (softpedia.com)

← Back to Stories (view on slashdot.org)

Fingerprint-Protected Phones Vulnerable To Inkjet Attack (softpedia.com)

Posted by timothy on Saturday March 5, 2016 @07:32PM from the ordinary-household-materials dept.

An anonymous reader writes: Two researchers have come up with a new method of hacking smartphones that use fingerprint biometrics to protect and lock the user's data. Their method only needs a regular inkjet printer, three AgIC silver conductive ink cartridges, a normal black ink cartridge, and special AgIC paper. The entire attack takes no more than 15 minutes. Current tests only included a Samsung Galaxy S6 and a Huawei Hornor 7. The researchers said that while the Samsung was easy to crack, the Huawei phone needed more tries.

5 of 56 comments (clear)

Min score:

Reason:

Sort:

Well, Duh... by Anonymous Coward · 2016-03-05 19:53 · Score: 5, Insightful

We keep seeing this over and over again with bio-metric "security". Bio-metrics are not passwords, and should never have been considered as passwords. Bio-metrics are USER ID's, nothing more. They only identify individual users, they do not authenticate them.
1. Re:Well, Duh... by itsdapead · 2016-03-06 01:49 · Score: 2
  
  They only identify individual users, they do not authenticate them.
  But... but... even if you've stolen somebody's phone you still need a copy of their fingerprint to use this method. You'd need to get hold of something they'd handled recently, preferably with a nice shiny glass or plastic surface, like maybe a.... Oh, wait, yeah, a mobile phone. :-)
  Seriously, though - there is a role for "weak" protection like this as a "line in the sand" - if you have to break a security measure, however feeble, then its hard to subsequently claim innocence or good faith. That's fine, provided everybody knows and understands that limitation.
  End of the day - fingerprint protection makes your phone more secure than your wallet, and is more convenient than a strong password or PIN. It doesn't make your phone a fortress.
  
  --
  In a survey of 100 programmers, 111111 thought that duck-typing was a good idea.
iPhone5S or GTFO by rsborg · 2016-03-05 20:08 · Score: 2, Interesting

Clearly their tests didn't work against the industry standard-bearer for biometric login, or their title would be different. So has anyone done work on this since the CCC show an expensive, detailed attack?

--
Make sure everyone's vote counts: Verified Voting
1. Re:iPhone5S or GTFO by 93+Escort+Wagon · 2016-03-05 20:20 · Score: 4, Insightful
  
  If it had worked on an iPhone, the headline would've said "iPhone fingerprint sensor easily defeated with an inkjet printer". The Android phones wouldn't have been mentioned until page two or three of the article.
  
  --
  #DeleteChrome
An iPhone can be unlocked with glue... by JackAxe · 2016-03-05 21:29 · Score: 2

Both the iPhone 5c and iPhone 6: https://www.youtube.com/watch?...

Here's another video showing how easy the iPhone can be unlocked by a spoof: https://www.youtube.com/watch?...

So, why bother with this inkjet setup? it seems complicated compared to just using glue or what appears to be tape.