The widely trusted fingerprint scanning can no longer be considered secure according to new research that demonstrates how user authentication can be faked
Fingerprint scanning is widely used these days to detect the authenticity of a person. Be it organisations, government agencies or devices such as smartphones or laptops, biometric authentication in the form of fingerprint scanning is seen as a great security tool for protecting our digitally-stored information, especially in this age of rising cyberattacks. This security advantage has made it reliable and convenient to use, as compared to text-based passwords.
However, it seems the benefits won’t last long. A report published by the threat intelligence group Cisco Talos states that fingerprint scanning is also vulnerable to getting hacked by generating fake fingerprint details with the help of a 3D printer. This is a cause of concern for many smartphone users out there since all these devices have an in-built sensor for detecting a person’s fingerprint.
The test conducted by Cisco Talos showed that on average an 80 per cent success rate was achieved while using the fake fingerprints, where the sensors were bypassed at least once.
Fingerprint scanning works by measuring the contours and edges of your fingers that are placed along the sensor’s surface. The data is matched is with the already stored fingerprint template. If matching is successful, the device grants access to the user.
This is worrisome as the research demonstrated that a person possessing an intricate knowledge of another person’s fingerprints can easily hack into the system.
“The results show fingerprints are good enough to protect the average person’s privacy if they lose their phone. However, a person that is likely to be targeted by a well-funded and motivated actor should not use fingerprint authentication,” said a Cisco Talos researcher.
A statement on the company’s blog also stated that if the user is a potential target for funded attackers or their device contains sensitive information, then it is recommended to implement strong passwords and two-factor authentication.
In the previous year, news of data leak from a UK-based security company and fingerprint sensor issue of the Samsung Galaxy S10 smartphone shocked the entire user community. Although the damage was fixed after a while, it exposed the vulnerability of the technology. With the evolution of 3D printing and resin, any person can now create a fake fingerprint.
“3D printing technologies have made it possible for anyone to create fake fingerprints. With the right resources such as 3D printing resin, electronic microscopes and specialised software, fingerprint cloning can be done at a massive scale,” read the blog statement.
With this in mind, it is high-time that stringent security measures be developed to tackle this issue before it goes out of hand. After all, in the event of being hacked, generating a fingerprint different from the previous one is impossible (unlike a text-based password, which can be generated multiple times).
Source: Cisco Talos