The market for solutions forbiometric authentication based on fingerprint recognition and processing could be worth nearly $100 billion by 2032.
This rapid growth is motivating security experts to identify new and increasingly innovative mechanisms to try to make biometric detection mechanisms less reliable. This is completely normal: the more widespread and appreciated a solution is, the more ways are sought to violate it, bringing out any defects. Responsible sharing of security gaps or aspects not managed in the best way, helps to strengthen the same solutions that companies, professionals and individuals use every day to protect their data.
What is the PrintListener attack: A creative way to steal fingerprints
A group of Chinese and American researchers has proposed an attack methodology which aims, from a future perspective, to overcome the controls exercised by modern smartphones on Fingerprints of users. The system under discussion, baptized PrintListener, it might seem almost madness. In reality, according to the results of the study, it would allow you to successfully take possession of users’ fingerprints (at least in partial form) almost one time in three; in 9.3% of cases in complete form within 5 attempts.
PrintListener collects and examines the sounds generated when the user scrolls the finger on a touch screen, such as that of a smartphone, to extract fingerprint characteristics and build a custom model. Let’s think about how many times we slide our fingers across the phone’s display, for example to scroll through a web page, select an option, unlock the device, and so on.
L’immagine è tratta dal documento “Uncovering the Vulnerability of Fingerprint Authentication via the Finger Friction Sound“.
Challenges faced to store fingerprint
The authors of the research explain that by activating the smartphone’s microphone – yes, the one that is integrated into your terminals – and developing an app capable of capture the sound generated byfriction between the finger on the device screen, it is actually possible to create a personalized profile that describes each individual’s digital footprint quite accurately.
“Possible” applications to reconstruct, through a series of successive approximationsthe user’s digital fingerprint are, for example, those usually used for interaction with social media as well as chat and video conferencing tools such as Discord, Skype, Teams, Zoom and so on.
Researchers collaborated shoulder to shoulder to address and overcome three main challenges:
- Develop an algorithm capable of identifying it finger sliding on the device screen. Based on thespectral analysis it was possible to capture the faint sounds of finger friction, separating them from everything else and background noise.
- Distinguish the sound characteristics linked to the digital fingerprint model from those correlated with the physiological and behavioral aspects of users. On the one hand, the method mRMR (Minimum Redundancy Maximum Relevance) allowed us to select the most relevant characteristics; on the other, a strategy of adaptive weighing was the key to assigning different weights to the various characteristics. In this way it was possible to effectively and accurately separate the various factors at play.
- Infer the primary and secondary characteristics of fingerprints using thestatistic analysis of the intercorrelations between the characteristics. To support the mechanism, the technicians used a heuristic search algorithm.
The researchers, in conclusion, underline that their model PrintListener it would have produced encouraging results in “real scenarios”, surpassing more conventional methodologies.