Researchers at Cisco the possibility of using 3D printers to create fingerprint mockups that can be used to deceive biometric authentication systems used on smartphones, laptops, USB keys and electronic locks from various manufacturers. The developed counterfeiting methods were tested on various types of fingerprint sensors - capacitive, optical and ultrasonic.
The study showed that the use of fingerprint mockups that copy the victim's fingerprint allows unlocking smartphones in an average of 80% of attempts. To create a clone of a fingerprint, you can do
without special equipment available only to special services, using a standard 3D printer. As a result, fingerprint authentication is considered sufficient to protect a smartphone in case of loss or theft of the device, but ineffective in carrying out targeted attacks in which an attacker can determine the victim's fingerprint (for example, by obtaining a glass with fingerprints).
Three techniques for digitizing victim fingerprints have been tested:
- Creation of a plasticine cast. For example, when the victim is captured, unconscious or intoxicated.
- Analysis of the imprint left on a glass beaker or bottle. The attacker can follow the victim and use the object that was touched (including restoring a complete imprint in parts).
- Create a layout based on data from fingerprint sensors. For example, data can be obtained in the event of a leak of databases of security companies or customs.
The glass print was analyzed by creating a high resolution photo in RAW format, to which filters were applied to increase contrast and flatten rounded areas. The method based on data from the fingerprint sensor turned out to be less effective, since the resolution provided by the sensor was not enough and it was necessary to fill in the details in several shots. The efficiency of the method based on the analysis of the impression on glass (blue in the graph below) was identical or even higher than when using a direct impression (orange).
Samsung A70, HP Pavilion x360 and Lenovo Yoga were the most resistant devices, which were completely able to withstand the attack using a fake fingerprint. Samsung note 9, Honor 7x, Aicase padlock, iPhone 8 and MacbookPro became less resistant, which managed to be attacked in 95% of attempts.
To prepare a three-dimensional model for printing on a 3D printer, a package was used . The image of the print was used as a black and white alpha brush, with which the volumetric print was extruded. The created layout was used to create a mold that can be printed with a conventional 3D printer with a resolution of 25 or 50 microns (0.025 and 0.05 mm). The biggest problems arose with the calculation of the size of the form, which must exactly match the size of the finger. During the experiments, about 50 blanks were rejected until a way was found to calculate the desired size.
Next, using the printed form, a finger mock-up was poured, in which a more plastic material was used, not suitable for direct 3D printing. The researchers conducted experiments with a large number of different materials, of which silicone and textile adhesives proved to be the most effective. To increase the efficiency of work with capacitive sensors, conductive graphite or aluminum powder was added to the adhesive.
Source: opennet.ru