Researchers have reportedly discovered a new side-channel attack that can extract a person’s fingerprints from the sounds made when a finger swipes across a touchscreen.
Toms Hardware reports that researchers from institutions in China and the United States have outlined an innovative attack targeting biometric security in a paper entitled “PrintListener: Uncovering the Vulnerability of Fingerprint Authentication via the Finger Friction Sound.” This attack utilizes the audio characteristics of a finger gliding across a touchscreen to infer attributes of the fingerprint pattern.
Through testing, the scientists claim they can successfully extract “up to 27.9 percent of partial fingerprints and 9.3 percent of complete fingerprints within five tries at the highest security false acceptance rate setting of 0.01 percent.” The researchers claim that this is the first attack that uses swipe sounds to obtain fingerprint information.
Biometric fingerprint security is very common and highly trusted, with projections estimating that the fingerprint authentication market could reach nearly $100 billion by 2032 if growth continues. However, many organizations are becoming increasingly aware that hackers and malicious actors may want to steal fingerprints to access biometric-protected data.
The PrintListener paper states “finger-swiping friction sounds can be captured by attackers online with a high possibility.” These sounds come from the use of popular apps like Discord, Skype, WeChat, FaceTime, and more. The sounds originate from users carelessly swiping while an app microphone is active.
The researchers listed three primary challenges to refine the automated fingerprint identification system:
- Isolating useful fingerprint friction swipe sounds from background noise.
- Extracting distinguishing fingerprint features from the filtered sounds.
- Generating targeted synthetic fingerprint templates from the extracted features.
According to the researchers, PrintListener underwent extensive real-world experiments. It can reportedly enable successful partial fingerprint attacks in over one in four cases and complete fingerprint attacks in approximately one in ten cases, substantially surpassing unaided MasterPrint dictionary attacks on fingerprints.
Breaking: MyPillow Is Now Offering Storewide Closeout Specials.
Inflation Buster: Freedom From High-Cost Cell Plans
The Same Phones, Same Numbers, Same Coverage For About Half The Price.
Order today and get 50% off the first month With Promo “FLS”
These #Venezuela gangs are professionals. They are hitting up mansions across the USA. They are not regular “robbers” #hackers #drones #robbers #safe pic.twitter.com/sTBTnnZf9S
— Anticommie (@QueenAnticommie) February 19, 2024