Police and biometrics researchers at Michigan State University (MSU) have unlocked the smartphone of a murder victim by using a digitally enhanced printout of his fingerprint to unlock the device.
Officers from the cyber-crime and digital forensics unit at MSU approached the school’s biometrics research lab upon being made aware of the team’s exploratory studies into how printed fingerprints can circumvent smartphone sensor safeguards.
Law enforcement was in possession of the victim’s fingerprints from a previous arrest, and provided this material to the lab to 3D print the pattern in hopes of unlocking his Samsung Galaxy S6.
The team was not sure which finger was used to unlock the phone, and so wound up printing 2D and 3D replicas of all 10 of the man’s fingerprints. Their efforts proved unsuccessful as none worked. In a second go at it, the team enhanced the quality of the prints by filling in the broken ridges and valleys in the fingerprint scans. Also, as opposed to going with a more expensive 3D model, they simply printed new 2D versions using a special conductive ink that would create an electrical circuit necessary for tricking the phone sensor.
After a couple of tries (and thanks to the device not having a limit on the number of attempts made), the team was able to unlock the phone with one of the digitally enhanced 2D prints.
Professor Anil Jain, who led the MSU research team, said that their success in unlocking the device demonstrates “a weakness” in fingerprint authentication systems, and that he hopes this story encourages developers to create better security measures for the technology as a whole.
“This shows that we need to understand what types of attacks are possible on fingerprint sensors, and biometrics in general, and how to fix them,” Jain said. “If we don’t, the public will have less confidence in using biometrics. After all, biometric authentication was introduced in consumer devices to improve security.”
Per school officials, this marks the first instance in which law enforcement has used this technology for an ongoing investigation, adding that the lead detective “even contacted the company that was asked to help with [unlocking] the San Bernardino shooter’s phone and he kept getting the same answer: can’t do it, the tech doesn’t exist. Well, the tech exists now!”
Samsung, the maker of the smartphone, addressed the story as well:
“We are aware of the research from Michigan State University, but would like to remind users that it takes special equipment, supplies and conditions to simulate a person’s fingerprint, including actual possession of the fingerprint owner’s phone, to unlock the device. If there is a potential vulnerability or a new method that challenges our efforts to ensure security at any time, we will respond to issues as quickly as possible to investigate and resolve the issue.”
To learn more about MSU’s research into this technology, download “Hacking Mobile Phones Using 2D Printed Fingerprints”.
Via Quartz
Learn more about Electronic Products Magazine