Before he came Apple s Face ID, fingerprint was considered the most secure and fastest possible way to unlock your iPhoneTo this day Apple Offers iPhone SE, keyboard and MacBooky that unlock using fingerprints. But now it turns out that this may pose a security risk. Your fingerprints can be created just from the sounds your fingers make when you swipe them across the screen of your phone or tablet.
A group of scientists from China and the US managed to describe and create an interesting attack on biometric security. The so-called AFIS (Automatic Fingerprint Identification System) is a system that takes care of recognizing your fingerprint and this can be bypassed by making a copy of your fingerprint. In this case, the fingerprint is created by capturing the sounds made by your finger moving across the touch screen. The researchers managed to create a fingerprint with a success rate of 27,9%, which means that more than one in 4 attempts work, which is quite a lot.
For eavesdropping, they use the so-called PrintListener, a utility that can record the sound of a finger moving across the screen from the microphone directly from your phone and then create a copy of your fingerprint from this sound. All you have to do is "print" it on a conductive material that simulates human skin and unlock the phone.
In addition, the sound is captured directly from the microphone on the device. For example, if you are using an application that has access to your microphone. Typically, this is Skype, WhatsApp, Discord, FaceTime, WeChat and thousands more. While the application has access to the microphone, the user swipes their finger across the screen, and the microphone can capture these sounds. An attacker who obtains the sounds can use PrintListener to create a fingerprint from them. PrintListener uses complex algorithms to create a visualization of the fingerprint based on the recorded sounds that your finger makes as it moves across the screen.
This is probably not an attack that could be used on a mass scale directly to attack phones or tablets as such, but the problem is completely different. People often use fingerprints to protect safes, homes, safety deposit boxes, and more, and if an attacker gets a fingerprint from a phone, they can use it to break into much more valuable things than the phone. However, it is likely that this will affect a very small percentage of interested parties.
