Hacking a phone's fingerprint sensor in 15 mins with $500 worth of inkjet printer and conductive ink

Are the tips of all…members…unique?

1 Like

Got it. Yeah, I’m not sure. I jumped in to the thread without reading the article, as I already considered physical attacks against biometrics a forgone conclusion. Not sure why they didn’t test against the iPhone.

Unless they can watch (record?) you using your phone in advance.

Using a fingerprint reader gives whomever steals your phone the perverse incentive to cut off your finger too.

Office environment. People leave fingerprints on photocopiers, even glass desktops. I know this is a little paranoid to some people, but industrial espionage really exists. It’s quite a big industry There have been enough reports of (often Chinese but YMMV) workers in US companies gaining access to laptops and installing backdoors, for instance.
Spies in these environments may be around for a long time and have several possible targets. To recite the usual security mantra, you need to be protected all the time because your opponent only has to be lucky once.
And how long do you have to miss your phone before you conclude it has been stolen? Fifteen minutes may be enough to unlock it, install malware, and return it. Did you leave it in your coat while you went to the restroom? Did you just once leave it in your bag at the gym?

Like so many people you are assuming that your case is the only one.


Why can’t I just dust your device for your noseprint?

Exactly. A nice elegant solution for that problem, not to be confused with strong security.

She hasn’t mastered the use of pliers and rope yet then.

Yup. If you aren’t using a randomly generated 64 character string of ascii glyphs, you only have yourself to blame.


I see reports about this fairly regularly. The advantage Biometrics will always have is that it cannot be done remotely. You have to physically have the phone and someones finger print. No matter how easy it gets to spoof a biometric data there is still a fundamental logistical advantage.

Unlike entering a passcode?

And it may not be true. In poorly implemented biometrics where a software gate is opened or closed as the result of a biometric test, it is possible that suitable malware might be able to operate that gate remotely. As phones currently only really have a single computer architecture, the possibility of this cross-contamination exists. The only way that biometrics can be guaranteed not to be cracked remotely is if the biometric assembly operates a physical switch which supplies power to the protected system.

I know I’m ultra-suspicious, but then I have a fair bit of money invested that I was paid for being suspicious, so there is that.

This topic was automatically closed after 5 days. New replies are no longer allowed.