Research: Apple, Samsung phones can be fooled 80% of the time with fake fingerprints
In a study published by Cisco’s Talos security group this week it was found that fake fingerprints can bypass the sensors 80% time on an average, even after years of upgrades.
As we all get used to the 'work from home' lifestyle, the security of gadgets, specially smartphones have become a focus point for companies. Since most of us have been relying on fingerprint sensors when it comes to encryption and privacy in phones, hackers too have found new ways to find loopholes. And as it turns out, fingerprint scanners are still not as reliable. In a study published by Cisco's Talos security group this week it was found that fake fingerprints can bypass the sensors 80% time on an average, even after years of upgrades.
The study used the fingerprint sensors provided by big tech firms like Apple, Microsoft, Samsung, and Huawei and the percentages were based on 20 attempts on each device using the best fake fingerprints researchers were able to create.
As per the result, smartphones like the Samsung Galaxy Note 9 and Huawei's Honor 7X were bypassed 100% of the time while the iPhone 8, MacBook Pro 2018 and the Samsung S10 were slightly tougher to crack but did unlock with fake fingerprints. They had a success rate of over 90%.
Interestingly, researchers said that Samsung Galaxy A70 had zero success rate, meaning it was completely able to block the fake fingerprint. However, it didn't see any success rate with the real one as well. "Our fake fingerprints didn't work on the Samsung A70, however, even with a real fingerprint, the authentication rate was way lower than on the other devices."
However, the report was quick to point out that this is not something that any hacker could do. The process requires specific material to mimic the fingerprint, a clean image of the fingerprint and physical access to the target user's smartphone.
As for laptops, the researchers found Windows 10 perform better than MacBooks in blocking the fake fingerprints. That is because Windows 10 uses a comparison algorithm that shares the same fingerprint across other devices that use the same fingerprint login technique. However, these may also be bypassed at some point. "We estimate that with a larger budget, more resources and a team dedicated to this task, it is possible to bypass these systems, too," said the researchers.