Researchers have reportedly discovered a new side-channel attack that can extract a person’s fingerprints from the sounds made when a finger swipes across a touchscreen.
Toms Hardware reports that researchers from institutions in China and the United States have outlined an innovative attack targeting biometric security in a paper entitled “PrintListener: Uncovering the Vulnerability of Fingerprint Authentication via the Finger Friction Sound.” This attack utilizes the audio characteristics of a finger gliding across a touchscreen to infer attributes of the fingerprint pattern.
Through testing, the scientists claim they can successfully extract “up to 27.9 percent of partial fingerprints and 9.3 percent of complete fingerprints within five tries at the highest security false acceptance rate setting of 0.01 percent.” The researchers claim that this is the first attack that uses swipe sounds to obtain fingerprint information.
Biometric fingerprint security is very common and highly trusted, with projections estimating that the fingerprint authentication market could reach nearly $100 billion by 2032 if growth continues. However, many organizations are becoming increasingly aware that hackers and malicious actors may want to steal fingerprints to access biometric-protected data.
Without physical fingerprint impressions or photos, the researchers claim that hackers and other crooks could steal fingerprints merely by using a microphone.
The PrintListener paper states “finger-swiping friction sounds can be captured by attackers online with a high possibility.” These sounds come from the use of popular apps like Discord, Skype, WeChat, FaceTime, and more. The sounds originate from users carelessly swiping while an app microphone is active.
The researchers listed three primary challenges to refine the automated fingerprint identification system:
- Isolating useful fingerprint friction swipe sounds from background noise.
- Extracting distinguishing fingerprint features from the filtered sounds.
- Generating targeted synthetic fingerprint templates from the extracted features.
According to the researchers, PrintListener underwent extensive real-world experiments. It can reportedly enable successful partial fingerprint attacks in over one in four cases and complete fingerprint attacks in approximately one in ten cases, substantially surpassing unaided MasterPrint dictionary attacks on fingerprints.
Read more at Toms Hardware here.
Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship.