New research has found that your fingerprints can be recreated just from the sounds they make on a touchscreen, and then used to attack biometric security measures.
While this sounds like something straight out of the plot of a budget spy film, a team of researchers from the US and China report in their findings (PDF) that, by using this technique, they were able to crack “up to 27.9% of partial fingerprints and 9.3% of complete fingerprints within five attempts at the highest security FAR [False Acceptance Rate] setting of 0.01%.”
The technique utilizes a side-channel attack called PrintListener to match an individual’s fingerprint to a MasterPrint or DeepMasterPrint dictionary to fool the Automatic Fingerprint Identification System (AFIS) into detecting a legitimate and authorized fingerprint.
Finger friction is now a security risk
The team of researchers tested their PrintListener technique “in real-world scenarios” that resulted in successful attacks using both partial and complete fingerprints, significantly outpacing the success rates of MasterPrint dictionary attacks.
As you would expect, the PrintListener algorithms are highly sophisticated, with a complex workflow required to generate a fingerprint from isolated friction sounds that are muddled in the background noise of a Discord or FaceTime call.
Physiological and behavioral factors then have to be taken into account as they can influence the sound a finger makes on a screen, which the researchers addressed by using a technique known as minimum redundancy maximum relevance (mRMR) alongside an adaptive weighting strategy.
These techniques identify the features of the left loop, right loop, and the whorl of a fingerprint from the frictional sound characteristics, which can then be used to generate synthetic fingerprints. In one in four attacks, the PrintListener technique was able to successfully attack AFIS using partial fingerprints, and in almost one in ten cases using complete fingerprints.
There have been significant concerns about threat actors using photographs of individuals’ hands to bypass biometric identification measures, with some people exercising extra care when having their pictures taken.
Via Tom’s Hardware