A research team from the United States and China has uncovered a new danger associated with biometric authentication. Their work is called «PrintListener: Detecting Fingerprint Authentication Vulnerability via Finger Friction Sound». The attack uses the sound characteristics of the user’s finger movement to extract the features of the fingerprint pattern.
After tests, the researchers claim that they can successfully mimic up to 27.9% of partial fingerprints and 9.3% of full fingerprints within five attempts. This is the first work to use finger sounds to extract fingerprint information.
Fingerprint biometric authentication is widespread and trusted. However, organizations and individuals are increasingly aware that attackers may want to steal their fingerprints, so some have begun to be cautious about having their own fingerprints in plain sight and photos that show details of their hands.
How can criminals identify fingerprints by sound? Any communication program that works with the microphone turned on can be a source of danger: Telegram, Skype, Discord, etc.
The PrintListener attack is complex, but researchers have managed to overcome a number of problems that prevented them from achieving this result:
PrintListener uses a series of algorithms to preprocess raw audio signals, which are then used to create targeted synthetics for PatternMasterPrint (a MasterPrint created by fingerprints with a specific pattern).
Importantly, PrintListener has been extensively experimented «in real-world scenarios» and, as mentioned in the introduction, can facilitate a successful partial fingerprint attack in more than one in four cases and a full fingerprint attack in almost one in ten cases. These results are significantly superior to attacks based on the MasterPrint fingerprint dictionary.
Source: Tom`s Hardware