Fingerprint scanners are a convenient way to access your phones and devices, but they are not secure. If you want security, stick to a long PIN, or better yet, a password (if possible). Researchers at Cisco Talos underscored that point when they broke into several devices with a $ 2,000 Resin 3D printer, software and glue.
The purpose of the study is not to suggest that your neighbor can easily get a device on your device with a ready-made 3D printer and some fingerprint powder. No, the Talos researchers fully admit that what they did is tedious work and that a budget somewhere near $ 2,000 would be needed.
But while that is not "your average Joe" Google's small money and knowledge, it is well within reach of many budgets and capabilities of law enforcement and government agencies.
To test the security of fingerprint authentication on your devices, the Talos team set out to keep the budget relatively low. Then they used three methods of collecting fingerprints. First they made molds with plasticine. Second, they digitally copied fingerprints from a fingerprint sensor ̵
The first method served as a check because it would yield the most accurate fingerprint.
They then used software to combine and, if necessary, improve the fingerprint data of sensors or images and export them to a 3D printer file. That allowed them to 3D print a resin mold (which required a specialized UV-capable printer) to make fingerprints. The researchers tried to print fingerprints directly in 3D, but that did not work. Instead, 3D-printed molds worked in conjunction with fabric glue.
With the fake fingerprints at hand, Talos discovered that it could unlock mobile devices 80% of the time. They tested Apple, Samsung and Huawei devices and found success with each device regardless of the type of fingerprint sensor used.
Laptops were a different story. Windows Hello didn't fall for the fake fingerprints, but they fooled Apple MacBook Pro & # 39; s. Likewise, Verbatim and Lexar USBs are not unlocked for the fake fingerprints.
Still, the high success rate on smartphones is significant. That doesn't mean it was easy; the error margins are small, according to Talos. For example, a fingerprint that is only 1% too large or too small cannot unlock devices. And because of the curing process, getting a fake fingerprint that worked often took more than 50 fungal attempts. Generally speaking, Talos described the process as 'difficult and tedious'.
But the research shows that for an entity with time, patience, and a budget of just $ 2,000, breaking into your fingerprint-locked phone is entirely possible. If you don't envision a problem with that knowledge, features like TouchID still provide many conveniences. But for the most security, switch to a PIN.