Researcher uses 3D-printed fingerprint to spoof biometric authentication
Bypassing biometric authentication was not much of a challenge for hackers at this year’s Def Con virtual hacking conference, Infosecurity Magazine reports.
Security researcher Yamila Levalle from Dreamlab Technologies explained how she went around the biometric authentication feature in multiple fingerprint readers simply by using a low-cost 3D printer.
“Biometric systems are essentially pattern recognition systems that read as input biometric data, then extract the feature set from such data, and finally compare it with a template stored in a database,” Levalle said during the event.
Levalle explained that even though the industry is moving toward biometric security, there are still attacks that could breach these types of systems, including physical, presentation and spoofing attacks. The focus of Levalle’s presentation was on fingerprint spoofing attacks. She became interested in this type of attacks after Aerolineas Argentinas airline employees used silicon fingerprints to deceive scanners tracking work attendance.
According to Levalle, a good number of fingerprint scanners available today can be easily tricked with 3D printed molds because they are not analyzing all the unique features in a print. Throughout her research, she used a Anycubic Photon 3D printer that prints to a resolution of 25 microns, getting quite close to human fingerprint ridges, which are between 20 to 60 microns high.
Levalle used a digital camera with a macro feature to collect latent fingerprints, then she used an open source python tool to improve image quality. The model was then developed based on the image that was uploaded in the 3D modelling tool, TinkerCAD in this case. Levalle said length and width configuration was the most challenging because she did not have access to a digital microscope. Overall, it took her about 10 tries to create a fingerprint that could bypass biometric authentication.
“It’s not easy to duplicate the fingerprint, it takes time and experience, but it can be done,” she said.
Article Topics
authentication | biometric identification | biometrics | biometrics research | fingerprint readers | spoofing
Comments