Article Image

IPFS News Link • Hacking, Cyber Security

Scientists Recreate Fingerprints from the Sound of Swiping on a Touchscreen

•, By Masha Borak

A team of scientists from China and the United States say they have devised a side-channel attack on minutiae-based automatic fingerprint identification systems (AFISs) which allows them to extract fingerprint patterns from the sound of friction produced by swiping on a touchscreen. Side channel attacks exploit information that is inadvertently leaked by a system.

The researchers have named the new attack PrintListener. They claim that the new attack method could increase the efficiency of MasterPrints, ringing alarm bells for the security of fingerprint authentication.

MasterPrints are synthetic fingerprints designed to be generic enough to match a large number of fingerprints and fool a biometric system. PatternMasterPrints works similarly but it also adds information from the patterns of an individual user swiping a screen, increasing the chance of matching with a real fingerprint.

PrintListener uses algorithms to process the audio signal of the sound of friction of a finger swiping through a screen, which has unique biometric characteristics. This is then used to synthesize PatternMasterPrints.

Attackers could potentially obtain these audio signals with the help of malware while users engage with social apps, such as gaming through Discord or making calls through Apple FaceTime or Skype.

"After eavesdropping on the user's finger friction sound through a social network, PrintListener generates a specialized PatternMasterprint sequence specifically designed for the user's fingerprint," the team writes in their paper.

The team has also performed real-world experiments showing that PrintListener can attack up to 26.5 percent of partial fingerprints and 9.3 percent of complete fingerprints within five attempts at the highest security FAR setting of 0.01 percent. This far exceeds the attack potency of MasterPrint, they note.