Biometric security has progressively become a standard feature in lead cell phones. Apple has offered Touch ID since the presentation of the iPhone 5S while Samsung, a pioneer in the Android space, presented fingerprint security beginning with its Galaxy S5. On Windows 10 Mobile, Microsoft settled on iris recognition for its late Lumia 950 and 950 XL phones while HP included both iris and fingerprint recognition in its Elite X3 handset.
Nonetheless, cell phone manufacturers have needed to realize some tough lessons along the path as to how to best implement biometric security into their gadgets.
In 2011, Android developer Tim Bray refuted initial claims that the Face Unlock feature on the Galaxy Nexus cell phone running Android 4.0 could be tricked by a photograph of the registered owner. Shockingly, this was later verified on video, putting a genuine scratch in Google’s claim to security.
From that point forward, biometric security has kept on enhancing in spite of initial setbacks. However, another assault demonstrated by a group at Michigan State University has demonstrated another approach to fool the fingerprint sensor in the Samsung Galaxy S6 and Huawei Honor 7.
The attack involved the making of a spoofed fingerprint using a photo of the owner’s fingerprint and the use of a Brother MFC-J5910DW printer equipped with silver conductive ink cartridges and transparent film supplied by AgiC.
AgiC, initially crowdfunded on Kickstarter, made its conductive ink and transparent film to bring printable circuits to people of all ages and experience. Given the conductivity of the ink, it made a perfect candidate for copying a live fingerprint.
As can be found in the video, the spoofed fingerprint allowed access to the cell phone after being connected to the fingerprint sensor. In any case, the MSU distribution noticed that the “Huawei Honor 7 is somewhat more difficult to hack (more attempts might be required) than Samsung Galaxy S6.”
The research has highlighted that anti-spoofing countermeasures in biometrics must keep on advancing to upset such dangers. Even though this specific assault requires a level of skill, resources and patience, maybe beyond that of a casual hacker, it serves as a reminder that today’s biometric security is not infallible.