Hackers Successfully Unlocked Smartphones Using Fingerprints Lifted Off a Glass


Smartphones have had fingerprint scanners for the part of this decade. It is now one of the most common forms of biometric authentication second only to facial recognition. On paper, a person's fingerprint is unique and nearly impossible to replicate. That alone should make fingerprint authentication infallible and unhackable. However, we've seen several instances where hackers have managed to fool a smartphone's fingerprint sensor. We've seen it in the past with OnePlus' optical under-screen sensors and even Samsung's ultrasonic modules. Some banks even disallowed fingerprint authentication from their apps following a vulnerability that afflicted the Galaxy S10 series. Today, some hackers managed to lift fingerprints off a drinking glass and successfully unlocked their owners' smartphones with it.

A team of hackers working with Tencent managed to pull off the feat in less than twenty minutes

Tencent Security's X-Lab team demonstrated this at an event in Shanghai. The researchers invited members of the audience to touch a drinking glass. A member of the team then took out his phone, snapped a photo of the fingerprints, and ran it through an app that extracted the data out of the image. It took the team less than twenty minutes to clone the fingerprint. The hackers were then able to fool three smartphones and two attendance machines equipped with fingerprint scanners at the venue. The team leader told South China Morning Post in a statement that the whole ordeal cost them less than $140 in total.

Apple’s Upcoming External Display Could Feature an A13 Bionic, Might Replace Pro Display XDR

The team also claims to have cracked all three types of fingerprint sensors—namely capacitive, under-screen, and ultrasonic, though they didn't specify which devices they managed to hack. They were light on the specifics of the hack and revealed nothing in the way of their methodology, or even the app that they used. It is also unclear as to what medium they used to imprint the fingerprint data extracted by the app. The team concluded the presentation by warning users to wipe their fingerprints off of everything they touch. That or you could wear gloves at all times and use only a PIN/Pattern/Password as a form of authentication.

Don't let the news dishearten you, though. A fingerprint is still one of the most secure forms of biometric authentication. Most people you'll encounter in a public setting will very likely not have the technical expertise to replicate your biometrics using an app. Even if someone has your fingerprints 3D printed somewhere, they'd still need access to your smartphone. Nothing is a hundred percent foolproof and there will always be ways to fool even the best of systems.