Researchers can unlock some Android phones with inkjet-printed fingerprints

Researchers busted open Samsung's Galaxy S6 and Huawei's Honor 7 phones by printing out a high-resolution copy of a victim's fingerprint.

Two researchers have figured out how to unlock some Android-based smartphones with a remarkably low-tech method.

(Image: CNET/CBS Interactive)

Michigan State University researchers Kai Cao and Anil Jain have shown in a recently-published paper how they can spoof a phone owner's fingerprints far quicker and easier than previous methods, like using gummy candies.

Their trick? Use an inkjet-printed fingerprint.

The researchers explained that they can take a high-resolution photo of a smartphone owner's fingerprint, flip it horizontally, then print the photo conductive ink cartridges on the glossy side of a certain kind of paper.

They were able to spoof Samsung's Galaxy S6 and Huawei's Honor 7 devices in separate occasions.

It could be seen as a breakthrough by hackers, malicious actors, and law enforcement -- particularly given the recent sensitivity towards US federal agents increasingly demanding access to smartphones.

Smartphones in the past few years following the debut of the iPhone 5s are increasingly including fingerprint sensors as a way to beef up device and data security, but no system is perfect.

In the weeks following the release of the fingerprint-enabled iPhone, security researchers busted the system wide open using a latex material, earning a massive bounty for their work. Since then, hackers have ramped up their assault on the technology. One case saw researchers remotely stealing locally-stored fingerprints on some affected Android devices.

"It is only a matter of time before hackers develop improved hacking strategies not just for fingerprints, but other biometric traits as well that are being adopted for mobile phones," say the researchers.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.
See All
See All