Hacking Fingerprint Scans Is Much Easier And Cheaper, Here's The Explanation!

Mimicking a fingerprint scan is surprisingly easy. (photo: doc. unsplash)

JAKARTA - Several scenes in the film often show the perpetrator cutting a person's hand to pass a fingerprint scan. But now a report from the Kraken Security Lab Team suggests that it would be much easier, and less terrifying to recreate someone's fingerprints using a small amount of available wood glue.

Kraken notes that biometric security is becoming increasingly common as manufacturers of phones, tablets, and laptops have incorporated fingerprint scanners into their products. This scanner offers an easy way to access these devices without entering a password.

The report says fingerprint scanners can be "hacked" by using an image of the target fingerprint, creating a negative in Photoshop, printing the resulting image, and then applying wood glue over the imitated fingerprint so that it can be used to trick many commercial scanners.

"We were able to perform this well-known attack on most of the devices available for testing by our team," Kraken said in its report on the attack. "If this really was an attack, we would have access to a large amount of sensitive information."

Kraken isn't the only security company to realize that glue can be used to trick fingerprint scanners. Cisco Talos published a more in-depth report in April 2020 that explored several ways, including this glue trick, that a person's fingerprint could be easily spoofed by an attacker.

"Our testing shows that, on average, we achieve an approximately 80 percent success rate when using fake fingerprints, where the sensor is bypassed at least once," Cisco Talos said.

"Achieving this level of success was a difficult and tedious job. We encountered some constraints and limitations related to the scaling and physical properties of the material. However, this success rate means that we have a very high probability of unlocking the previously tested device to fall back to pin unlocking," he added.

Cisco Talos says that most people don't have to worry about someone making a copy of their fingerprint to access their device. However, they note that "a person who is likely to be targeted by a well-funded and motivated perpetrator, should not use fingerprint authentication."

Kraken advises people to remember that bypassing fingerprint-based authentication is relatively simple and, based on its demonstrations, cheaper than many consumers think. That assumption is based on someone who already has a laser printer and Photoshop.

"It should be clear by now that, even if your fingerprint is unique to you, it can still be exploited relatively easily," Kraken said. "At best, you should only consider using it as a second-factor authentication (2FA)."