FB pixel

Scientists recreate fingerprints from the sound of swiping on a touchscreen

Scientists recreate fingerprints from the sound of swiping on a touchscreen
 

Hackers may have a new way of obtaining your biometric data – by secretly listening in to the sound of your finger swiping on your smartphone.

A team of scientists from China and the United States say they have devised a side-channel attack on minutiae-based automatic fingerprint identification systems (AFISs) which allows them to extract fingerprint patterns from the sound of friction produced by swiping on a touchscreen. Side channel attacks exploit information that is inadvertently leaked by a system.

The researchers have named the new attack PrintListener. They claim that the new attack method could increase the efficiency of MasterPrints, ringing alarm bells for the security of fingerprint authentication.

MasterPrints are synthetic fingerprints designed to be generic enough to match a large number of fingerprints and fool a biometric system. PatternMasterPrints works similarly but it also adds information from the patterns of an individual user swiping a screen, increasing the chance of matching with a real fingerprint.

PrintListener uses algorithms to process the audio signal of the sound of friction of a finger swiping through a screen, which has unique biometric characteristics. This is then used to synthesize PatternMasterPrints.

Attackers could potentially obtain these audio signals with the help of malware while users engage with social apps, such as gaming through Discord or making calls through Apple FaceTime or Skype.

“After eavesdropping on the user’s finger friction sound through a social network, PrintListener generates a specialized PatternMasterprint sequence specifically designed for the user’s fingerprint,” the team writes in their paper.

The team has also performed real-world experiments showing that PrintListener can attack up to 26.5 percent of partial fingerprints and 9.3 percent of complete fingerprints within five attempts at the highest security FAR setting of 0.01 percent. This far exceeds the attack potency of MasterPrint, they note.

The paper was authored by researchers from Huazhong University of Science and Technology in Wuhan, China, Beijing’s Tsinghua University and the University of Colorado Denver. The research will be presented at the Network and Distributed System Security Symposium (NDSS) 2024, taking place from 26 February to 1 March 2024 in San Diego, California.

Article Topics

 |   |   |   |   | 

Latest Biometrics News

 

HHS removes Login.gov from grantee payment system after cyberattack

The U.S. Department of Health and Human Services has removed Login.gov from its grantee payment platform after a security breach…

 

City of Clemson pilots Intellicheck ID verification to prevent underage drinking

Identity verification provider Intellicheck and the city of Clemson have launched a 12 month pilot program that uses identity verification…

 

Rumors of liveness detection’s defeat have been greatly exaggerated

Photo and video face filters are perhaps the most mainstream use case for augmented reality –  and an illustrative test…

 

Companies House takes new measures to fraud fight, but not biometric IDV

Companies House, the UK’s business registry, has begun rolling out new tools to fight fraud and help cleanse the register…

 

Mitek: quarterlies, annuals, SEC actions

April 4, 2024 – Mitek is getting back on track with its financial reporting, which may be more reflective of the…

 

Jamaica parliament soon to receive draft digital ID regulation for scrutiny

Plans are being finalized to send the draft regulation on Jamaica’s digital ID program to the country’s parliament for examination…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read From This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events