An interesting new attack on biometric security has been outlined by a group of researchers from China and the US. PrintListener: Uncovering the Vulnerability of Fingerprint Authentication via the Finger Friction Sound [PDF] proposes a side-channel attack on the sophisticated Automatic Fingerprint Identification System (AFIS). The attack leverages the sound characteristics of a user’s finger swiping on a touchscreen to extract fingerprint pattern features. Following tests, the researchers assert that they can successfully attack “up to 27.9% of partial fingerprints and 9.3% of complete fingerprints within five attempts at the highest security FAR [False Acceptance Rate] setting of 0.01%.” This is claimed to be the first work that leverages swiping sounds to infer fingerprint information.
Biometric fingerprint security is widespread and widely trusted. If things continue as they are, it is thought that the fingerprint authentication market will be worth nearly $100 billion by 2032.
Importantly, PrintListener went through extensive experiments “in real-world scenarios,” and, as mentioned in the intro, can facilitate successful partial fingerprint attacks in better than one in four cases, and complete fingerprint attacks in nearly one in ten cases. These results far exceed unaided MasterPrint fingerprint dictionary attacks.
I have to say, though, I’m struggling to understand how this can really work. It talks about fingerprint friction audio – does that mean the press of a fingerprint, as it sounds more like some form of swiping? The report states: “It only needs to record users’ fingertip friction sound and can be launched by leveraging a large number of social media platforms.”
But it seems though they are using swiping actions to reconstruct the fingerprint, as they state this also: “In this work, we propose a new side-channel attack on fingerprints, called PrintListener, which leverages users’ swiping actions on the screen to extract fingerprint features and synthesize a stronger MasterPrint sequence based on these features to conduct dictionary attacks on users’ fingerprints”.
There is a link to the original report, where it goes into some detail about how the acoustics are interpreted.
No authentication process is perfect, but fingerprints have been one of the more trusted options. But we are also learning that phone sensors such as cameras, microphones, light, vibration, etc can all be exploited in various ways. These are actually all very clever hacks. Not all can be exploited easily in the real world, but one hopes that OEMs are working to keep these exploits pinned down.