According to Toms Hardware, researchers have uncovered a novel side-channel attack capable of extracting an individual’s fingerprints from the sound produced by a finger moving across a touchscreen.
The study, titled “PrintListener: Uncovering the Vulnerability of Fingerprint Authentication via the Finger Friction Sound,” details this innovative approach developed by researchers from institutions in China and the United States.
By analyzing the audio signals generated when a finger interacts with a touchscreen, this attack can deduce details about the fingerprint pattern used for biometric security.
According to the scientists’ testing, they assert that they can successfully extract “up to 27.9 percent of partial fingerprints and 9.3 percent of complete fingerprints within five attempts at the highest security false acceptance rate setting of 0.01 percent.”
They also state that this marks the first instance of an attack utilizing swipe sounds to acquire fingerprint information.
Biometric fingerprint security is widely utilized and highly trusted, with forecasts suggesting that the fingerprint authentication market could approach nearly $100 billion by 2032 if current growth trends persist.
However, many organizations are increasingly recognizing the potential threat posed by hackers and malicious entities seeking to pilfer fingerprints for unauthorized access to biometric-protected data.
The researchers suggest that without physical fingerprint impressions or images, it is possible for hackers and other criminals to steal fingerprints using only a microphone.
According to the PrintListener paper, there is a significant risk that attackers could capture finger-swiping friction sounds online.
These sounds are generated when users swipe their fingers while using popular apps such as Discord, Skype, WeChat, FaceTime, and others.
The issue arises from users swiping carelessly while the app’s microphone is active.
The researchers identified three main challenges in enhancing the automated fingerprint identification system:
- Isolating useful fingerprint friction swipe sounds from background noise.
- Extracting distinguishing fingerprint features from the filtered sounds.
- Generating targeted synthetic fingerprint templates from the extracted features.
Researchers conducted thorough real-world experiments on PrintListener, which demonstrated its capability to achieve successful partial fingerprint attacks in more than 25% of cases and complete fingerprint attacks in around 10% of cases.
These results significantly outperformed unassisted MasterPrint dictionary attacks on fingerprints.
ICYMI: Foreign Interference in U.S. Elections is REAL!
1 Comment
I don’t have any fingerprints.