Your Fingerprints Can Be Hacked

Now you can read us on your iPhone and iPad! Check out the BTRtoday app.

Touch ID may seem like the most secure way to protect your smartphone, but recent trials reveal that your fingerprint can be hacked with little more than a printer or a glob of Play-Doh.

Kai Cao and Anil K. Jain, biometrics researchers at Michigan State University’s Department of Computer Sciences, published a paper last month that details a simple and effective method for breaking into smartphones.

The pair photographed a study participant’s fingerprint and rendered it on transparent paper using their office’s standard inkjet printer. When they pressed the paper onto the lock pads of the Samsung Galaxy, Huawei Honor 7, and iPhone 5s, the phones each yielded to the authentication.

“It should be noted that not all the mobile phones can be hacked using [this] proposed method,” they wrote. “However, it is only a matter of time before hackers develop improved hacking strategies.”

It may come as some consolation to iPhone users that the iPhone 5s responded only one time to this particular spoofing technique. But two weeks ago, mobile security company Vkansee revealed at the Mobile World Congress 2016 how the iPhone could be fooled with Play-Doh.

In its demonstration, Vkansee reps pressed a user’s thumb into dental clay, allowed the mold to dry, and then pushed Play-Doh into the impression so that it would inherit the thumbprint. When the Play-Doh was pressed into the iPhone’s sensor, the phone unlocked.

In an interview with Tech Radar, Vkansee CEO Jason Chaikin explained that the iPhone’s Touch ID captures fingerprint images at only 500 dots per inch (dpi), an embarrassingly low resolution compared to the company’s own VK2108 sensor, which captures prints at 2000 dpi. This more precise imaging enables the sensor to pick up on valuable features such as individual fingerprint ridges and even sweat pores.

Vkansee’s sophisticated security sensor may make its way into phones by 2017, although the company will not confirm which manufactures have picked up the technology.

If you think it seems unlikely that you’ll find yourself in a scenario in which a hacker forces you to smush your finger into a pad of Play-Doh, you’re probably right. While you may not be concerned about the immediate consequences of these particular hacks, they do reveal glaring inadequacies in our devices’ security features.

As more and more smartphone manufacturers develop biometric security traits such as voice, face, and iris recognition, they will need to take these potential breaches into account to provide better anti-spoofing technologies.