A new research paper from a team of Chinese and American scientists introduces “PrintListener,” a novel side-channel attack targeting minutiae-based Automatic Fingerprint Identification Systems (AFIS).
By eavesdropping on the fingertip friction sound generated during user interactions with touch-sensitive devices, PrintListener captures first-level fingerprint features—the basic, interpretable characteristics of a fingerprint that can be inferred from the friction sound produced when a user swipes their finger across a touch-sensitive surface. These features are then used to synthesize PatternMasterPrints, enhancing the capability for targeted attacks.
The paper demonstrates PrintListener’s ability to covertly and effectively extract fingerprint data from audio captured through social media platforms, presenting a significant improvement in attack success rates compared to existing MasterPrint methodologies.
MasterPrints and PatternMasterPrints are concepts related to the security of fingerprint recognition systems, often used in devices like smartphones for authentication. Imagine a skeleton key, but for fingerprints; that’s what a MasterPrint essentially is. It’s a synthetic fingerprint or a set of fingerprints that are designed to be generic enough to match with a wide variety of individual fingerprints in a database, thereby tricking the system into granting access.
PatternMasterPrints take this idea a step further by using specific patterns derived from the way people swipe their fingers across a screen. These patterns are synthesized into a MasterPrint, increasing the chances of matching with an actual fingerprint.
Both exploit weaknesses in systems that authenticate using only partial fingerprints, showing that these systems might be more susceptible to breaches than previously thought.
The research paper reports a significant improvement in PrintListener's weighted Attack Success Rate (wASR) over the traditional MasterPrint approach. When attacking a specific dataset (Dataset-5 FingerPassDB7) at a False Acceptance Rate (FAR) of 0.1 percent, PrintListener showed a 37.0 percent average increase in wASR in just one attempt. At a more stringent FAR setting of 0.01 percent, PrintListener achieved an average wASR of 27.9 percent within five attempts, marking it as 1.8 times more effective than the MasterPrint attack.
This demonstrates PrintListener’s advanced capability to exploit the vulnerabilities of fingerprint authentication systems more effectively than previous methods.
The research involved collaboration among scholars from Huazhong University of Science and Technology, Wuhan University, Tsinghua University in China, and the University of Colorado Denver in the USA.
Source: Tom’s Hardware
February 21, 2024 – by the FindBiometrics Editorial Team