Five minutes, clay and a mold: That was enough to falsify my mark and unlock my mobile

Fingerprint readers are here to stay is evident, since many years ago had just not curdle and stomping them to return until our smartphones. Since then, in parallel, it has been testing its effectiveness and weak to see how they can be improved and, above all, how to avoid points counterfeits. Something that, as we did see recently, it is still possible and very easily and quickly.

If you ever have a mold of your teeth in dental practices then this process will be familiar, as necessary to create the ideal double your fingerprint material is the same paste used in this case. A material that sticks to the surface without leaving space and, like achieves an exact replica of our mouth, so does our footprint, which we reply with something as simple and easy to get as plasticine and our smartphone he gave good.

Fingerprint Sensor

Image Source: Google Image

Made the law, made the clay

The process was as simple as I have discussed: the paste is applied, make a mold of our footprint (just five minutes) and put some dough to remove the replica of this. Careful not to erase it with our egg yolks, and place it we catch up on our phone fingerprint sensor (in this case it was an iPhone 6) and, voila, unlocked with a few grams of blue clay.

Something that not only in the case of Touch ID, it is also possible in other current sensors. The reason: the resolution that current sensors work , creating images of 500-550 dots per inch (dpi), a detail which as we saw is insufficient for the phone to distinguish between true and false impression.

This check came from the hand of Vkansee, a Chinese company that submitted a project related to improving this aspect of the current fingerprint sensors at CES 2015. His proposal is in fact based on creating sensors whose image obtained is greater resolution, namely 2000 dpi, preventing false footprint could be interpreted as good to get a detailed four times higher.

More water, please

Vkansee product is a reduced version of scanners for fingerprints we found on machines for issuing identification documents, namely 1.5 millimeters thick, as we explained Jason Chaikin, CEO. After showing us how easy it was to falsify our footprint, we showed the image detail that gets its sensor (as you can also see in the video that we included), much more defined than what we saw last summer inthe study of FireEye Labs on safety sensors in phones.

What also check is that your sensor works even our footprint is damp or wet directly (check when the Chaikin himself gave us even more water). What was then observed in the image are a few spots or white stripes for the water. Another advantage over current sensors, which do not work well (or not at work) when the tip is wet or damp.

You may also like to read another article on Lab-Soft: Until 25 years of autonomy in wearables and IoT devices with this new RRAM memory

With this they prove it is that current technology can (and should) be improved to be more secure. Of course, this is not to say that current sensors are bad or anything, is very good sensors. But what we found is that you can do a better job.

Reducing size and increasing safety

As mentioned, before a future (or rather present) in which the fingerprint sensor becomes safe access for payment apps, storage in the cloud or simple access to a terminal or software, it is striking to see that still you can fool the fingerprint sensor on our phone in a simple way. Today in fact not only opt for the fingerprint, as shown by Microsoft that focuses on iris recognition with the Lumia 950.

We do not know which way to take the industry, or whether to continue with fingerprint readers (most likely) manufacturers will opt for the technology of this Chinese company to replace existing (yes, once its development ends). We will remain vigilant to improved sensors and preventive measures that can be applied to various attempts at forgery.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.