The dawn of the fingerprint sensor finally brought convenient security to our smartphones, or so we thought. Researchers at Michigan State University, however, were able to demonstrate how an inkjet printer can print a 2D image of a fingerprint in order to unlock smartphones.
The secret is in the ink and paper. You’ll need to use silver conductive ink, which is designed to print circuit boards, and a special paper designed for printing electric circuits. The researchers used AgIC silver conductive ink cartridges, as well as AgIC conductive paper. The cartridges come in a three-pack and replace the Yellow, Magenta, and Cyan colored cartridges in the inkjet printer.
The other major step is grabbing the fingerprint itself. The fingerprint image was achieved by scanning a finger at least 300 dots per inch (dpi), followed by reversing the image in a horizontal direction.
Once printed, it’s a simple as cutting the paper down to a little larger than the fingerprint itself. The experiment involved placing the small piece of paper with the printed fingerprint on the sensors of the Samsung Galaxy S6 and Huawei Honor 7. As you can see in the video above, the printed fingerprint easily unlocked the devices.
The report implies this method can be done on most smartphones with a fingerprint sensor, but an iPhone was never used in the demonstration. The researchers said newer phones might not be able to be spoofed, but they didn’t get into specifics.
This method really isn’t new, but it’s a more efficient version of how it was done in the past. Scanning a fingerprint is the easy part, assuming you have the finger, but the printing process was more tedious. Previous methods involved printing a 2.5D image using latex milk or white wood glue. The problem is that it took 20 to 30 minutes for it to dry, whereas silver conductive ink is instant.
The researchers hope this experiment will persuade smartphone manufacturers to develop better anti-spoofing techniques. However, they warn that even if better techniques are released, hackers will likely develop improved strategies to thwart those newer systems. Isn’t that the cycle of hacking?
Now before anyone goes into a panic, there are a lot of things that need to go right before anyone can do this to your phone. The first thing is they have to know you as the owner of the phone in order to get a clean image of your fingerprint. Scanning a finger is by far the best method, but it’s unlikely a hacker will able to trick you into placing your finger on an image scanner.
However, it’s possible a fingerprint could be lifted off of the device. The report mentions how Germany’s Chaos Computer Club was able to lift fingerprints off of the iPhone’s glass surface by taking a picture or scanning it at 2400 dpi or higher. However, this shouldn’t be mistaken for stealing the fingerprint that’s actually saved on the phone’s memory itself, it’s merely taking a picture of a smudged fingerprint that’s left behind. I will let you be the judge as to the chances that a hacker would be able to get a clear image of your fingerprint off of your device at any given time.
It should also be noted that AgIC’s cartridges only work on specific Brother printers, which have been discontinued. Obviously used models are available online, but a hacker would need to deep clean the heads several times in order to remove any residue left from the colored cartridges.
It’s possible the conductive ink could be used to fill other branded inkjet cartridges, but Steve Hodges, head of the sensors and devices group at Microsoft Research in Cambridge, prefers Brother printers because they are known to eject higher volumes of ink per nozzle than other brands. We haven’t seen similar tests using other printer brands, so it’s unclear if they can be used.
So using this method could potentially give a hacker access into your phone, but it won’t be easy. If it were, the FBI wouldn’t need Apple to unlock phones. Plus, you always have the opportunity to remote wipe your device before anyone can break into it.
March 7, 2016