"There's no challenge to bypass Touch ID," hackers said in 2013, when they beat Touch ID with fake fingerprints less than 48 hours after the iPhone 5S technology was launched. Although successive upgrades have raised the bar for defeating fingerprint unlocking, fingerprint recognition is still not that safe.
It starts with a study by Talos security group.
Fake fingerprint pass rate of up to 80%
The figure is based on 20 attempts per device with the fake fingerprints the researchers created.
"This success rate means that we have a high unlocking probability before any tested device re-enters the PIN unlocking system," the researchers said.
In addition, the study points out that the devices most vulnerable to fake fingerprints are AICase padlocks and the Huawei Honor 7x and Samsung Note 9 Android phones, with a success rate of almost 100%. Next come the iPhone 8, the MacBook Pro 2018 and the Samsung S10, whose fingerprint authentication was fooled with a success rate of more than 90%.
So, how did they come to this conclusion?
How does a fake fingerprint get past fingerprint authentication?
To see how a fake fingerprint can fool a phone's fingerprint authentication, you first need to know how fingerprint authentication works.
Touch ID was first used on the iPhone 5S, released in 2013, which has an area called the Secure Enclave dedicated to protecting passwords and fingerprint data. Touch ID uses "hardware locking": each Touch ID component is paired with exactly one processor, which ensures security.
But for a long time, one piece of the core logic of fingerprint unlocking has been to infer the enrolled fingerprint from partial evidence.
The unlocking logic is this: the sensor first records the fingerprint's feature points, and at unlock time it checks the points in the small area you touch and infers the whole fingerprint from them. That is why you have to enroll the finger thoroughly, from the front, back, left and right, while unlocking needs only a light touch.
So back when Apple used Touch ID, the larger the sensing area, the safer and more efficient it was.
Generally, the unlocking process works as follows: either every feature point matches and the attempt passes, or a single wrong point causes a direct denial. All must pass, and one failure is a veto.
But in reality, unlocking speed and efficiency require some fault tolerance. If there is some sweat or dust on the finger, what should happen when only 80% of the feature points match?
So at this point, fingerprint unlocking needs to have some fault tolerance.
As for sensors, there are generally three types: capacitive, optical and ultrasonic. Capacitive and optical fingerprint recognition have a long development history, are the most widely used by mobile phone manufacturers and are the most commercialized. Ultrasonic fingerprint recognition has the shortest history: the technology went from a first generation in 2015 to a second generation in 2017 and a third generation in 2019, when it reached large-scale commercial use. A human fingerprint is like a mountain range, with raised ridges and concave valleys. The acoustic pressure readings from ridges and valleys differ, so the readings returned to the sensor can produce a 3D fingerprint image with rich detail.
Based on this, the researchers designed three techniques to collect target fingerprints.
The first is direct collection, in which the target presses a finger onto a brand of clay called Plastiline. In this way, the attacker gets a negative of the fingerprint.
The second technique is to have the target press a finger on a fingerprint reader, such as those used at airports, banks and border crossings, which then captures a bitmap image of the print.
The third is to capture fingerprints left on glass or other transparent surfaces and photograph them.
After a print is collected with a print reader or by photograph, some optimization is usually needed. For example, for a fingerprint recorded on a fingerprint reader, multiple images must be combined to create an image large enough to pass as the real fingerprint.
Take, for example, the fingerprints the FBI obtained from Al Capone, the Prohibition-era outlaw.
First, the fingerprints captured on glass and then photographed were processed with filters to increase contrast. Then, using a digital sculpting tool such as ZBrush, the researchers created a three-dimensional model from the two-dimensional picture. Finally, the researchers copied the fingerprint onto the mold, which was made of fabric glue or silicone. (To work against capacitive sensors, the material must also include graphite and aluminum powder to improve conductivity.)
To pass as a real finger, the mold must be precisely sized. A deviation of only 1%, too large or too small, causes the attack to fail. Therefore, the mold must be cured to harden it and remove toxins, and it is then finished with a 3D printer with a resolution of 25 microns or 50 microns, which completes the fake-fingerprint mold. The researchers pressed the mold against the sensor to see whether it accepted the fake fingerprint as a real one and unlocked the phone, laptop or lock.
The results show that direct collection works best. But the higher success rate of direct collection does not necessarily make it the most effective collection method in real-world attacks, because it requires tricking or forcing the target to press a finger into the clay. By contrast, it might be more practical to get fingerprints from a print reader or from a photo of a smudge on glass.
Of course, the point of this research is not to teach anyone how to copy fingerprints, but to show that no technology achieves real security. Technology keeps iterating, yet there is no such thing as 100% security; security has always been an escalating contest between attack and defense. That is why a security system should never be designed around a single point of dependence, and the more important question is how we defend.
The best mitigation for manufacturers is to limit the number of attempts. For example, Apple limits users to five attempts before asking for a PIN on the device.
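As an added illustration (not code from the Talos study or from any vendor), the sketch below models the two mechanisms the article describes: a partial touch scored against enrolled feature points with an 80% tolerance, and an attempt limit that falls back to a PIN. The template, probes, class and function names are all constructed for this example, and attempts are assumed to be independent.

```python
import math

# Constructed sample data: an enrolled template as (x, y) feature points.
ENROLLED = [(10, 12), (25, 40), (33, 18), (47, 52), (58, 30),
            (62, 71), (74, 45), (80, 15), (91, 63), (99, 88)]

def match_score(probe, template, tol=2.0):
    """Fraction of probe points lying within `tol` of some template point."""
    hits = sum(1 for p in probe
               if any(math.dist(p, t) <= tol for t in template))
    return hits / len(probe)

class FingerprintLock:
    """Hypothetical lock: a score threshold plus a failed-attempt limit."""
    def __init__(self, template, threshold, max_failures=5):
        self.template = template
        self.threshold = threshold
        self.max_failures = max_failures
        self.failures = 0

    def try_unlock(self, probe):
        if self.failures >= self.max_failures:
            return "PIN_REQUIRED"      # biometric path closed until PIN entry
        if match_score(probe, self.template) >= self.threshold:
            self.failures = 0
            return "UNLOCKED"
        self.failures += 1
        return "REJECTED"

def unlock_probability(per_attempt_rate, attempts):
    """Chance that at least one of `attempts` independent tries succeeds."""
    return 1 - (1 - per_attempt_rate) ** attempts

# Constructed probes: a partial touch by the owner with one point smeared
# by sweat or dust, and a partial touch by an unrelated finger.
SMUDGED = [(10, 12), (25, 41), (33, 18), (47, 52), (70, 5)]
STRANGER = [(5, 90), (15, 70), (40, 5), (66, 20), (95, 40)]

if __name__ == "__main__":
    strict = FingerprintLock(ENROLLED, threshold=1.0)    # "one veto" policy
    tolerant = FingerprintLock(ENROLLED, threshold=0.8)  # 80% tolerance
    print(strict.try_unlock(SMUDGED), tolerant.try_unlock(SMUDGED))
    print([tolerant.try_unlock(STRANGER) for _ in range(6)])
    print(round(unlock_probability(0.8, 5), 5))
```

The strict policy rejects the owner's smudged touch while the tolerant one accepts it, which is the usability trade-off the article describes. The last line shows why an attempt limit alone is a weak control when a fake passes 80% of the time: five tries succeed with probability of about 0.9997.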