
Fingerprint biometrics for mobile devices perform badly in tests



Do you have something of immense value to lose from your phone, tablet, laptop or even from a locker protected by a biometric padlock? Think it is protected with fingerprint authentication?

You are probably wrong, unless, possibly, you are using a device running Microsoft Corp.’s Windows Hello framework. Apple and Samsung owners have room for concern.

A pair of researchers with Cisco Systems Inc.’s Talos Intelligence Group found that biometrics software running on market-leading consumer hardware often can be defeated — sometimes easily — with a couple thousand dollars, some patience, months of time and a decent 3D printer. They used a domestic ultra-violet LED model precise to 25 microns.

According to the project report, on average, the team achieved an approximately “80 percent success rate while using fake fingerprints, where the sensors were bypassed at least once.” Fingerprint biometrics on consumer mobile devices have evolved little since 2013, when Apple’s TouchID debuted, the report’s authors wrote.

What is more, researchers Paul Rascagneres and Vitor Ventura said that with enough money and motivation and the same decent printer, most mobile devices can be cracked. Their results point directly to the likelihood that a determined state-sponsored crime ring would be rewarded handsomely.

The Talos project had an intentionally low $2,000 budget, looked at a multitude of fingerprint-cloning factors and involved Apple, Samsung, Huawei, Honor and Windows systems. An AICase padlock also was tested.

Over months of work, the researchers experimented with, among other things, three methods of collecting prints, each of which affected end results significantly. They also examined different ways to optimize scans to make printed molds. And, of course, the pair looked at a variety of both industrial and mundane materials for making the fingerprint clones.

Ultimately, they went through more than 50 printed molds before producing a successful resin oval. The best clone made from that mold was made using common fabric glue.

The device results were disconcerting, but not entirely so.

Hardware running Windows Hello did not crack because, the researchers theorized, Microsoft has created settings requiring more points of print comparison. The researchers wrote that they are confident the software would not withstand a determined effort.

Samsung’s A70 phone could not be broken into, either. However, the researchers said that the phone rejected the legitimate fingerprint more often than all of its competitors in the study. The other Samsung products, the S10 and Note 9, performed poorly.

Apple’s fifth-generation iPad held up far better than did the 2018 MacBook Pro and the iPhone 8 that were tested as well, but that is faint praise.

The Huawei P30 Lite phone and its corporate cousin the Honor 7X should not be trusted near a 3D printer, according to the report. In fact, the 7X performed worst overall among its peers.

The padlock by AICase performed in the middle, but no device did as well as it did when presented with a clone derived from a photograph of a fingerprint on glass, presumably obtained clandestinely.

A research team from Tencent’s X-Lab claimed late last year it could hack into nearly any Android or iOS device in roughly 20 minutes.
