ABSTRACT
Modern smartphones popularly adopt a small touch sensor for fingerprint identification of a user, but it captures only a partial limited portion of a fingerprint. Recently we have studied a gap between actual risk and user perception of latent fingerprints remaining on a smartphone, and developed a fake fingerprint attack that exploits the latent fingerprints as actual risk. We successfully reconstructed a fake fingerprint image in good quality for small touch sensors. In this paper, we subsequently conduct post hoc experimental studies on the facts that we have missed or have since learned. First of all, we examine that the presented attack is not conceptual but realistic. We employ the reconstructed image and make its fake fingerprint, using a conductive printing or a silicon-like glue, to pass directly the touch sensor of real smartphones. Our target smartphones are Samsung Galaxy S6, S7 and iPhone 5s, 6, 7. Indeed we have succeeded in passing Galaxy S6, S7, and now work on the remaining smartphones. We also conduct an experimental study for one of our mitigation methods to see how it can reduce actual risk. Finally, we perform a user survey study to understand user perception on the fake fingerprint attacks and the mitigation methods.
- Adam J. Aviv, Katherine Gibson, Evan Mossop, Matt Blaze, and Jonathan M. Smith 2010. Smudge attacks on smartphone touch screens. In Proceedings of WOOT '10, Vol. Vol. 10. 1--7.Google ScholarDigital Library
- Kai Cao and Anil K. Jain 2016. Hacking mobile phones using 2D printed fingerprints. Technical Report. Department of Computer Science and Engineering, Michigan State University.Google Scholar
- Eric Decoux and Patrick Bovey 2017. Marking comprising two patterns on a surface. (Aug. 2017). US Patent 9,747,473.Google Scholar
- JLaservideo. 2016. How To Copy a Fingerprint Like a Spy - iPhone Touch ID Hack!!! https://www.youtube.com/watch?v=bp-MrrAmprA.Google Scholar
- Hoyeon Lee, Seungyeon Kim, and Taekyoung Kwon. 2017. Here is your fingerprint! actual risk versus user perception of latent fingerprints and smudges remaining on smartphones. In Proceedings of ACSAC '17.Google Scholar
- Marc Rogers. 2014. Hacking Apple TouchID on the iPhone 6. https://www.youtube.com/watch?v=GPLiEC_tG1k.Google Scholar
- Oki Rosgani. 2013. faking the Apple trackID fingerprint sensor. https://www.youtube.com/watch?v=qjRD8_ZoGuE.Google Scholar
- Dale R Setlak. 2017. Electronic device including finger biometric sensor carried by a touch display and related methods. (Feb. 2017). US Patent 9,582,102.Google Scholar
- Robert Važan. 2017. SourceAFIS. https://sourceafis.angeloflogic.com/.Google Scholar
Index Terms
- POSTER: Rethinking Fingerprint Identification on Smartphones
Recommendations
Here Is Your Fingerprint!: Actual Risk versus User Perception of Latent Fingerprints and Smudges Remaining on Smartphones
ACSAC '17: Proceedings of the 33rd Annual Computer Security Applications ConferenceA small touch sensor employed in smartphones can only capture a partial limited portion of the full fingerprint, and so it is more vulnerable to fingerprint spoofing attacks that leverage a user's firm impression. However, it is still unknown whether ...
Poster: 3DBuilder - A Versatile Scheme to Reconstruct 3D Models on Smartphones
MobiSys '16 Companion: Proceedings of the 14th Annual International Conference on Mobile Systems, Applications, and Services CompanionThere are bright prospects for 3D reconstruction on smartphones, such as 3D video, virtual reality, E-commerce and historic preservation. Although advent smartphones are equipped with high resolution touchscreens, powerful CPUs and GPUs, the performance ...
Poster: Android Whole-System Control Flow Analysis for Accurate Application Behavior Modeling
MobiSys '16 Companion: Proceedings of the 14th Annual International Conference on Mobile Systems, Applications, and Services CompanionAndroid, the modern operating system for smartphones, together with its millions of apps, has become an important part of human life. There are many challenges to analyzing them. It is important to model the mobile systems in order to analyze the ...
Comments