HOW TO BYPASS ANDROID FINGERPRINT 2 MINS TRICK
People in movies are often quick to resort to sawing off someone's hand to get past a fingerprint scanner. A report from the Kraken Security Labs Team shows that it would be much easier—and less gruesome—to recreate someone's fingerprint using a little bit of off-the-shelf wood glue.
Kraken notes that biometric security has become increasingly common as smartphone, tablet, and laptop manufacturers have incorporated fingerprint scanners into their products. These scanners offer a convenient way to access those devices without entering a password.
The report says a fingerprint scanner can be "hacked" by using a picture of the target's fingerprint, creating a negative in Photoshop, printing the resulting image, and then putting some wood glue on top of the imitated fingerprint so it can be used to trick many commercial scanners.
"We were able to perform this well-known attack on the majority of devices our team had available for testing," Kraken says in its report on the attack. "Had this been a real attack, we would have had access to a vast range of sensitive information."
Kraken isn't the only security company to realize that glue can be used to fool a fingerprint scanner. Cisco Talos published a more in-depth report in April 2020 that explored several ways—including this glue trick—someone's fingerprint could be spoofed by an attacker.
"Our tests showed that—on average—we achieved an ~80 percent success rate while using the fake fingerprints, where the sensors were bypassed at least once," Cisco Talos says. "Reaching this success rate was difficult and tedious work. We found several obstacles and limitations related to scaling and material physical properties. Even so, this level of success rate means that we have a very high probability of unlocking any of the tested devices before it falls back into the pin unlocking."
Cisco Talos says that most people don't have to worry about someone creating a copy of their fingerprint to access their devices, but notes that "a person that is likely to be targeted by a well-funded and motivated actor should not use fingerprint authentication."
Kraken advises people to remember that bypassing fingerprint-based authentication is relatively simple and, based on its demonstration, cheaper than many consumers might expect. (Although that assumption is based on someone already owning a laser printer and Photoshop.)
"It should be clear by now that, while your fingerprint is unique to you, it can still be exploited with relative ease," Kraken says. "At best, you should only consider using it as second-factor authentication (2FA)."
