RESEARCHERS AT Michigan State University have successfully bypassed the fingerprint sensors on the Galaxy S6 and Huawei Honor 7 using an inkjet printer.
Yes, you read that right. Kai Cao and Anil Jain, from Michigan State University's Department of Computer Science and Engineering, managed to spoof the fingerprint scanners using an inkjet printer, a few drops of conductive ink and special paper used for printing electronic circuits.
The researchers took scans of several fingers and printed them onto the paper using the conductive ink. They were able to 'hack' the two smartphones using the spoof, or 2.5D, print, but said that the sensor on the Honor 7 was "more difficult" to bypass than that on the Galaxy S6.
No other devices were tested, but the technology used on the two Android devices is similar to that used on other smartphones, including the Nexus 6P and LG G5, for example.
"This experiment further confirms the urgent need for anti-spoofing techniques for fingerprint recognition systems, especially for mobile devices which are being increasingly used for unlocking the phone and for payment," the two researchers said.
A Samsung spokesperson told The Guardian: "Samsung takes fingerprint security very seriously, and we would like to assure that users’ fingerprints are encrypted and securely stored within our devices equipped with fingerprint sensors.
"As the report itself points out, it takes specific equipment, supplies and conditions to simulate a person’s fingerprint, including being in possession of the fingerprint owner’s phone to unlock the device.
"If at any time there is a credible potential vulnerability we will act promptly to investigate and resolve the issue."
A Huawei spokesperson added: "Honor takes data integrity very seriously and we are committed to protecting customer privacy through the constant updating of new technologies, including fingerprint sensor technology.
“We are aware of various reports which make the claim that vulnerabilities exist in fingerprint sensor technology used by several manufacturers, including Honor. We have equipped Honor 7 with a chipset-level security solution in which personal data in the form of fingerprint images is protected with hardware. This solution is significantly superior to that of most other Android phones." µ
To hear more about security challenges, the threats they pose and how to combat them, sign up for The INQUIRER sister site Computing's Enterprise Security and Risk Management conference, taking place on 24 November.
A surprisingly busy week in a quiet month
Measures just 15.75mm at its thickest point
Firm expects GPU sales to start drying up