Fingerprint Spoofing Is Much Easier Than You Think

February 24, 2016, 9:03 PM UTC
Unpacked New York, Galaxy S 5, Gear 2, Gear 2 Neo and Gear Fit
A view of the Galaxy S 5 fingerprint sensor at the Unpacked New York, Galaxy S 5, Gear 2, Gear 2 Neo and Gear Fit event at Samsung Galaxy Studio on February 24, 2014 in New York City.
Photograph by Donald Bowers — Getty Images for Samsung

It turns out that even fingerprints can be spoofed with just a little bit of kids’ modeling clay.

Though it requires cooperation from the fingerprint theft victim, it’s quite easy, as a reporter from the Wall Street Journal learned. After the president of Vkansee, a company that develops fingerprint-based security systems, took an imprint of his finger using a dental mold, he used kids’ modeling clay to make a replica of his finger tip and use it to unlock an Apple (AAPL) iPhone. It took a few tries, but the fingerprint replica eventually worked.

With that said, other security experts say they can spoof a fingerprint without the finger owner’s cooperation. For example, in 2014, researchers at Germany’s Security Research Labs were able to hack a Samsung Galaxy 5’s fingerprint sensor, while the previous year, a team of German hackers bypassed the then-new iPhone 5S’s Touch ID fingerprint reader.

But as the Journal notes, some companies are developing more advanced systems to help close those loopholes. Goodix is integrating additional layers of security, such as looking at blood flow to ensure a real finger is used, while Vkansee is adding a camera to authenticate the same.

An earlier version misstated the Vkansee executive’s title. The story has been corrected to reflect that he is the company’s president, not CEO.

Read More

Artificial IntelligenceCryptocurrencyMetaverseCybersecurityTech Forward