Easier fingerprint spoofing

In September 2013, the German Computer Chaos Club (CCC) demonstrated the first hack of Apple’s TouchID. Since then, they repeatedly defeated every new version both from Apple and Samsung. Their solution implies to create a dummy finger. This creation is a complex, lengthy process. It uses a typical photographic process with the copy of the actual fingerprint acting as the negative image. Thus, the master fingerprint is printed onto a transparent sheet at 1,200 dpi. This printed mask is exposed on the photosensitive PCB material. The PCB material is developed, etched and cleaned to create a mold. A thin coat of graphite spray is applied to improve the capacitive response. Finally, a thin film of white wood glue is smeared into the mold to make it opaque and create the fake finger.

Two researchers (K. CAO and A. JAIN) at the Michigan State University disclosed a new method to simplify the creation of the fake finger. They use conductive ink from AgIC. AgIC sells ink cartridges for Brother printers. Rather than making a rubber finger, they print a conductive 2D image of the fingerprint. And, they claim it works. Surprisingly, they scan the user’s fingerprint at 300 dpi whereas the CCC used 2,400 dpi to defeat the latest sensors.

As fingerprint on mobile devices will be used for more than simple authentication but also payment, it will be paramount to come with a new generation of biometrics sensors that also detect the liveliness of the scanned subject.

Leave a Reply

Your email address will not be published. Required fields are marked *