Fingerprint authentication is a convenient alternative to passwords and PIN codes. Who wants to spend time typing in a lengthy string of numbers, letters, and characters when a simple tap will suffice? Unfortunately, that convenience comes at a cost. In this article, the Kraken Security Labs Team demonstrates just how easy it is to bypass your favorite login method.
Stealing the Fingerprint
To compromise your device or account, we don’t even need direct access to your fingerprint.
- A photo of a surface you’ve touched will do – an hour in Photoshop yields a decent negative
- Print the image onto an acetate sheet with a laser printer
- For our final step, we add some wood glue on top of the print to bring to life a fake fingerprint that we can use on a scanner
Launching the Attack
Once you have the fingerprint in hand, all you need to do is place it on the scanner, and it will start working.
- We were able to perform this well-known attack on the majority of devices our team had available for testing
- Had this been a real attack, we would have had access to a vast range of sensitive information
Protecting Yourself From the Attack
A fingerprint should not be considered a secure alternative to a strong password. Doing so leaves your information – and, potentially, your cryptoassets – vulnerable to even the most unsophisticated of attackers.