A Regular Inkjet Printer Can be Used to Spoof Galaxy S6's & Honor 7's Fingerprint Sensor

[RedRound2]

Source: http://www.androidauthority.com/inkjet-printer-spoofs-smartphone-fingerprint-scanners-678289/

Researchers at Michigan State University demonstrated how easy it is to trick the fingerprint sensor found on S6

 

 

Quote

A regular inkjet printer using conductive inks can be used to print fingerprints on paper and unlock fingerprint scanner-equipped phones including the Galaxy S6 and honor 7.

The scariest part of this demonstration is that the phones are unlocked with a piece of paper. It works because the researchers use a conductive ink and paper by a company called AgIC. The entire process can reportedly be completed in 15 minutes.

 

 Fortunately, the researchers admit that the method cannot be used to unlock all phones, but warn that as OEMs improve anti-spoofing techniques, so too will hackers develop improved hacking strategies.

This is just absurd. While everyone craps on Apple for pretty much everything atleast they take these kind of things seriously.

I'm honestly surprised that it took this long for someone to actually test fingerprint sensors on other phones. Hopefully this sparks interest to check out all other fingerprint equipped phones

[ShadowCaptain]

The whole "people can print out fingerprints" argument is kind of bullshit

If somebody picks up my phone that fell out of my pocket on the street... they do not have a perfect back up copy of my fingerprint on file ready to print out

if somebody wanted to force me to unlock it they could just hold my finger on the sensor, the same as forcing me to tell them my pin number

 

It doesnt make this tech "less secure"

[ZetZet]

5 minutes ago, ShadowCaptain said:

The whole "people can print out fingerprints" argument is kind of bullshit

If somebody picks up my phone that fell out of my pocket on the street... they do not have a perfect back up copy of my fingerprint on file ready to print out

if somebody wanted to force me to unlock it they could just hold my finger on the sensor, the same as forcing me to tell them my pin number

 

It doesnt make this tech "less secure"

finger print is definitely less secure than a pin. They can cut your finger off. 

[Paralectic]

2 minutes ago, ZetZet said:

finger print is definitely less secure than a pin. They can cut your finger off. 

Yeah and they can waterboard you too, nice shitpost.

[ShadowCaptain]

4 minutes ago, ZetZet said:

finger print is definitely less secure than a pin. They can cut your finger off. 

they can put a gun to my head, or social engineering to find my memorable number or look over my shoulder to get my password

also a cut off finger technically would not work, since they have a capacitive surface so dead flesh would not activate teh sensor, also I know the iPhone model reads subdermal prints which cannot be read from dead tissue (maybe if its fresh i dunno)

[Unhelpful]

1 minute ago, Paralectic said:

Yeah and they can waterboard you too, nice shitpost.

Not if you're dead.

[Enderman]

Seriously, nobody has a picture of your fingerprint they can just print out after stealing your phone. Never gonna happen.

[ZetZet]

5 minutes ago, Paralectic said:

Yeah and they can waterboard you too, nice shitpost.

well, if they kill you that doesn't give them the pin

[JorithZ]

2 minutes ago, ShadowCaptain said:

also a cut off finger technically would not work, since they have a capacitive surface so dead flesh would not activate teh sensor, also I know the iPhone model reads subdermal prints which cannot be read from dead tissue (maybe if its fresh i dunno)

If a finger can be reattached after 12 hours im pretty sure it would still work for the scan, but i will admit, not willing to test this.

[Kinda Bottlenecked]

4 minutes ago, Paralectic said:

Yeah and they can waterboard you too, nice shitpost.

 

Not really, zet has a point. 

 

http://news.bbc.co.uk/2/hi/asia-pacific/4396831.stm

http://www.theregister.co.uk/2005/04/04/fingerprint_merc_chop/

 

Although its old news, that shit did happen. Nothing to stop idiots from trying to hack off a persons finger to try and unlock a phone. 

[ShadowCaptain]

Just now, JorithZ said:

If a finger can be reattached after 12 hours im pretty sure it would still work for the scan, but i will admit, not willing to test this.

Are you sure? ill get my saw

 

True, but still, i doubt people are willing to do that just to access your phone haha and they could easily just cut you and make you give them your pin

[ShadowCaptain]

1 minute ago, Pohernori said:

 

Not really, zet has a point. 

 

http://news.bbc.co.uk/2/hi/asia-pacific/4396831.stm

http://www.theregister.co.uk/2005/04/04/fingerprint_merc_chop/

 

Although its old news, that shit did happen. Nothing to stop idiots from trying to hack off a persons finger to try and unlock a phone. 

 

A $70k merc is not a smartphone, 99% of criminals will not want to cut off peoples fingers to nick their phone

[Kinda Bottlenecked]

2 minutes ago, ShadowCaptain said:

 

A $70k merc is not a smartphone, 99% of criminals will not want to cut off peoples fingers to nick their phone

 

The 1% of the idiots are still there. Peeps have already sold organs for a smartphone. Nothing to stop an idiot from just merely taking a "finger". 

[ShadowCaptain]

15 minutes ago, Pohernori said:

 

The 1% of the idiots are still there. Peeps have already sold organs for a smartphone. Nothing to stop an idiot from just merely taking a "finger". 

its highly unlikely and still im sure a mugger could get your pin if he holds a knife to you

[Kinda Bottlenecked]

Just now, ShadowCaptain said:

its highly unlikely and still im sure a mugger could get your pin if he holds a knife to you

 

Yes its very unlikely, but nothing to stop an idiot from doing it. A mugger already has a knife, he/she can also take a finger. 

[LAwLz]

37 minutes ago, RedRound2 said:

This is just absurd. While everyone craps on Apple for pretty much everything at least they take these kind of things seriously.

Android Authority did not include this piece in the article, but some websites like QZ did:

Quote

Cao told Quartz that the spoof worked on the iPhone during an earlier attempt, but it didn’t work when he tried to replicate the result for the technical report. “We unlocked it at the start of the project, but when we prepared the report, I could not unlock the iPhone. I used the same protocol and method. I’m not sure why it didn’t unlock,” Cao said.

So yeah... It works on the iPhone too. Just with a lower success rate (not to mention all the other ways someone can bypass it).

 

Fingerprints, regardless of what technology you use, are terrible as password replacements. Wanna know what happens when your password gets compromised? You change it and carry on with your life. Wanna know what happens if your fingerprint gets stolen? All devices you use fingerprint scanners on will forever be comprised and there is nothing you can do about it.

They are good as usernames, or in combination with a password, but not as passwords on their own.

[ShadowCaptain]

2 minutes ago, LAwLz said:

SNIP.

True but the problem is when a password is stolen, it is changed and your recovery options updated so you cannot even change it

[givingtnt]

50 minutes ago, ShadowCaptain said:

The whole "people can print out fingerprints" argument is kind of bullshit

If somebody picks up my phone that fell out of my pocket on the street... they do not have a perfect back up copy of my fingerprint on file ready to print out

if somebody wanted to force me to unlock it they could just hold my finger on the sensor, the same as forcing me to tell them my pin number

 

It doesnt make this tech "less secure"

some governements do.

 

and they could acess. oh idk tons of locked phones for information

[ShadowCaptain]

3 minutes ago, givingtnt said:

some governements do.

 

and they could acess. oh idk tons of locked phones for information

Dunno look at the Apple case, clearly they couldnt, and they probably had the fingerprints on file

[dtaflorida]

16 minutes ago, ShadowCaptain said:

Dunno look at the Apple case, clearly they couldnt, and they probably had the fingerprints on file

iOS requires pin after a set amount of time or after a restart. I believe it's 24 hours as i often hit this limit on my iPad Air 2. So even if you have prints you can't log in. Does finger print login expire on Android devices or that facial image unlock? If not then that is a security hole, which would let the FBI get right in and never have to even start a legal case with Google. 

[Carde]

Old news this, been the case with so many finger print sensors, as soon as you can lift a decent enough print you can touch it up, print it out and use it.

[ShadowCaptain]

5 minutes ago, dtaflorida said:

iOS requires pin after a set amount of time or after a restart.

 

True

[RedRound2]

52 minutes ago, LAwLz said:

Android Authority did not include this piece in the article, but some websites like QZ did:

So yeah... It works on the iPhone too. Just with a lower success rate (not to mention all the other ways someone can bypass it).

 

Fingerprints, regardless of what technology you use, are terrible as password replacements. Wanna know what happens when your password gets compromised? You change it and carry on with your life. Wanna know what happens if your fingerprint gets stolen? All devices you use fingerprint scanners on will forever be comprised and there is nothing you can do about it.

They are good as usernames, or in combination with a password, but not as passwords on their own.

Notice that they're talking about the 5S here.And even that with very mixed results. Probably the same case with iPhone 6 as they're the same sensor.

But the 6S does have the 2nd generation version which is (in my experience) much faster and far more accurate and I can't seem to find any article claiming they spoofed the 6S sensor

 

As long as sensors get accurate enough with time i dont think its a bad PIN replacement. Obviously have three different sets of passowrd is much safer than one password and its the same case here except it gets better and better every generation without making it unintuitive 

[ForsakenLive]

A fingerprint scanner isn't something done to make a device secure. It's created so people can't access your phone in simple situations.

Let's say you are at work/in school, you leave your phone unattended for a minute, and your classmate/co-worker won't be able to check what message you've just received, look at your pictures, or just prank you by changing a setting. This could also be applied to friends and relatives, that you may not want messing around with your device.

This can also prevent a low tier burglar to access private data.

However, if people are expecting this method to make a device safe, then they just didn't get the point.

[Tech_Dreamer]

exactly replicating a fingerprint from a grimy source actually takes a couple of days on a even a moderate to pro level most of the time , This is under controlled environment, plus one still have to reconstruct the fingerprint through image editing software since most of the source is partial, the usual scenario is deterring quick access by someone close to you accessing the data that's all, no matter how "secure" they make it there is always a way to replicate & gain access if given enough time & resource