April 9, 2020

A 3D Printer Can Fool Your Fingerprint Lock Authentication

How can a 3D Printer create your fake fingerprint to unlock your smartphone & other devices through fingerprint sensor. Read on for an interesting and low-cost step by step process.

A 3D Printer Can Fool Your Fingerprint Lock Authentication

Fingerprint sensors have made their way into everyday common household necessities. From smartphones, laptops, cars to corporate biometrics and complete home security systems, your personal life is conveniently accessible by a finger-tip. Yes, it makes things a lot easier than juggling with multiple keys or using a hack-prone password. But like every digital thing, hackers and researchers have been hell-bent on finding a way around this smart technology. Though there have been few such short successes in the past, the Cisco Talos team has recently made a breakthrough in tricking the fingerprint scanner.

Researchers from Cisco Talos revealed they have been experimenting on this with different techniques for a while, and most of the experiences had taught them that it could be an expensive process. But in April, 2020 this talented team published an in-depth study that showcases an 80% success rate, that too with an affordable budget of under $2000 and a cheap-ass 3D Printer.

How Can a 3D Printer Unlock Your Phone’s Fingerprint Scanner?

Let’s address the elephant in the room! Though it’s surprising, we’re not completely shocked.

3D Printer has proven to be a boon in diverse fields from construction to medical industry, it was expected that the 3D printing technique can contribute to the hacking world as well.

The Cisco Talos researchers carried out this experiment with 3 distinct approaches to collect fingerprint samples:

  1. Direct Collection: Here the target placed his print directly on the Plastiline Clay for a perfect mold
  2. Fingerprint Sensor: This technique used basic and inexpensive electronic items like finger-print reader (to get BMP image), UART sensor, Arduino UNO and SYNODemo software
  3. Third Party Approach: This was one of the simplest tricks – obtaining the fingerprint from a high resolution picture of a brushed fingerprint on a clear glass like surface.
Direct Clay Mold | Fingerprint Scan | Brushed Fingerprint

The researchers then combined and enhanced all the 3-steps data into a single file for the most accurate representation of the print. This image was then rendered as a 3D Print file that would go through a low-cost Resin 3D Printer.

Next they were facing the most important step – Creating the Molds (tested with 25 and 50 micron). Let’s take a look at the steps:

Step 1:
The Talos team printed many models of micro molds to pick the perfect size

Step 2:
Next the molds were cured in a UV light chamber to remove any toxicity and give more firmness

Step 3:
Next challenge was figuring out the perfect filling material. The researchers needed to make a capacitive sensor and tried various materials like silicone, different types of glue, aluminium & graphite powder. But surprisingly what worked best was a fabric glue because of better definition and conductivity.

Step 4:
This final cast was then replicated into a sleeve so it can be easily adjusted over a finger, to provide the optimum pressure and conductivity.

3D Printed Fake Fingerprint Demonstration

The Talos team then started to test out their wonder creation on various devices at hand including smartphones, tablets, iPads, Laptops etc. By unlocking the fingerprint sensor in 80% of the attempts, they set a new record.

The testing machines were a blend of trending and big brands like Apple iPhone, Samsung, Huawei, Windows, MacBook, Lexar, Verbatim and more. Notably, Apple and Samsung products were much easier to fool than others. You can take a hint from that!

Getting back to the experiment, this exemplary research with such a huge success rate is definitely an inspiration, but it wasn’t a piece of cake. The Cisco Talos team remembers the struggle being real with tremendous hard work as the margin of error was close to little. If the fingerprint was just 1% off, it was a lost opportunity. The curing process also gave trouble with molds expanding with heat.

But all’s well, that ends well! The remarkable efforts of these researchers have proved that hard work, patience, and a limited budget can also work if you set your mind to something. More importantly, it is a reminder for us all to be aware and keep ourselves updated with the latest in cyber-security news. Maybe switching back to PIN is in your self-interest.

Let’s take a quick recap of the efficient and affordable odd batch that they used to successfully attempt a fingerprint hack:

  • Multiple Smartphones, Tablets & Laptops
  • Resin 3D Printer
  • Clay
  • Graphite Powder
  • SYNODemo Application
  • Fabric Glue

That’s all it took - a budget of less than $2000! If you wish to get a glimpse inside the Cisco Talos in-depth research, please click here.