A team of researchers at Michigan State University have figured out a way to jury-rig a standard inkjet printer into a fingerprint-faking spy machine capable of fooling most smartphone scanners. Faking fingerprints isn’t impossible, but it’s supposed to be hard enough that many companies still rely on print verification for security (and other cool stuff).
The researchers discovered that by using a special electrically conductive ink from the Japanese company AgIC, and similar paper, they could retrofit a basic inkjet printer to print out high-resolution two dimensional scans of people’s fingerprints that worked just like the real thing on mobile phone fingerprint scanners.
In the paper publishing their findings, the researchers claimed the whole digital heist could originate from a simple photograph of a user’s fingerprint. While prior fingerprint spoofing methods usually require the thief to create a three dimensional replication of the victim’s finger, which takes time and careful artistry, the Michigan researchers can quickly print out a usable spoof on a sheet of paper. According to Defense One, you can order all the ink, paper, and a new printer for performing spoof prints for around $450.
Still, the new technique has some limitations. As with all spoofing attempts, it requires a high resolution image of the victim’s print — in this case, at least 300 dpi. So the only way you’re vulnerable to this hack is if someone has a high resolution image of your prints like, well, the government. The same government that recently lost 5.6 million fingerprint records to hackers. In other words, if dedicated hackers get access to the 5.6 million user database the government lost, they could now have a fast, easy, and relatively cheap way to mass produce fingerprint spoofs. The technique worked consistently with the Samsung Galaxy S7 and Huawei Honor 7, but had mixed results on an iPhone, according to Quartz. It’s hard to tell what the end goal of a potential print spoofing hack would be, but if the technology becomes widespread enough and phone companies don’t adapt to new forms of biometric security, it’s possible that bypassing security on personal devices could become as easy as scan, click, print, unlock.