Two researchers from Michigan State University’s biometrics group have devised a method for hacking mobile phone’s fingerprint authentication by using just a color inkjet printer, a special type of paper and ink.
Hacking the fingerprint sensor
The attack is easy to execute.
The first step is to scan the target’s fingerprint image at 300 dpi or higher resolution. Then, the image is mirrored and the original or binarized fingerprint image is printed on the glossy side of an AgIC special paper. The printer that does that is fed with AgIC silver conductive ink cartridges (along with normal black ink).
All in all, an attacker can have a spoofed fingerprint that would allow him to access a phone protected with fingerprint authentication in less than 15 minutes, and the cost of all the tools he needs to do this does not surpass $500.
Researchers Kai Cao and Anil Jain successfully managed to fool the fingerprint sensors on the Samsung Galaxy S6 and Huawei Hornor 7 phones.
Here is a demonstration of the attack:
More details about their research can be found in this paper.
The attack is an improvement over CCC hackers’ attack against Apple’s Touch ID.