06:41 GMT +322 August 2019
Listen Live

    That Super-Secure Thumbprint Technology on Your Phone is Now Useless

    © Flickr / Japanexperterna.se
    Get short URL

    US officials assured the hack victims of that massive data breach of federal government workers that technology did not exist to misuse stolen fingerprints, but two researchers just changed that.

    Michigan State University researchers Kai Cao and Anil Jain have mastered the art of recreating a fingerprint, rendering common cellphone security measures useless, as announced in a paper published last month. While the researchers aren’t the first to fake fingerprints, their simple method can easily be replicated in any home office.

    The revelation is troubling, coming only months after the Office of Personnel Management notified 5.6 million people that hackers had copied their fingerprints in a massive government data breach. At the time, OPM promised that "federal experts believe that, as of now, the ability to misuse fingerprint data is limited."

    OPM warned, however, that the possibility that fingerprint records could be used illicitly on a wide-scale "could change over time as technology evolves." As Kai Cao and Anil Jain’s research shows, the technology has, in fact, changed.

    How Did The Researchers Streamline Recreating Fingerprints?

    Cao and Jain began by installing special ink cartridges and paper into a Brother inkjet printer, such as one you might find in many home offices.  The ink conducts electricity when printed on specialized paper, creating a printed circuit. The researchers then scan a fingerprint in high resolution, mirror it, and print it.

    Using this simplified fingerprint-spoofing method, researchers then placed the fake print onto fingerprint readers for two popular Android phones, a Samsung Galaxy S6 and a Huawei Hornor 7. Although both phones were designed to unlock only if the owner uses their finger, the fake print fooled readers for both devices.

    The announcement, however, is particularly troubling because fingerprints aren’t only for unlocking smartphones, but they are also used to authorize financial transactions. Unlike a compromised password, a compromised fingerprint cannot be reset. That is dire news for the 5.6 million OPM hack victims who may never again have sole ownership of their financial records.


    Daesh Vows Revenge on Facebook, Twitter Chiefs for Anti-Terrorism Action
    Snowden Dismisses FBI Claims Only Apple Can Hack iPhone
    US Presidential Hopefuls Try to Use Snowden's Name as 'Bargaining Chip'
    Silicon Valley Giants Rally Behind Apple, File Brief in California Court
    cybersecurity, data breach, hackers, hacker attack, fingerprint scanners, fingerprints, US Office of Personnel Management (OPM), Michigan State University, Anil Jain, Kai Cao, United States
    Community standardsDiscussion
    Comment via FacebookComment via Sputnik