New research suggests attackers can use the sound of a user’s finger swiping on a touchscreen to recreate their fingerprint pattern, according to a report Tuesday. And that biometric security risk could lead to trouble, of course.
All it takes is casual swiping in popular apps while a device microphone is on.
Great. As if we didn’t have enough to worry about, biometic-security-wise.
PrintListener fingerprint security risk: Sound of touchscreen swipe could give away your fingerprint
Researchers in China and the U.S. outlined the weird new possibility that hackers could get your fingerprint off the sound of a touchscreen swipe in a new paper, Tom’s Hardware reported. It remains to be seen if this spells trouble for increasing efforts by Apple and others to rely on biometrics for authentification.
The paper’s title is PrintListener: Uncovering the Vulnerability of Fingerprint Authentication via the Finger Friction Sound.
In such a “side channel attack,” a hacker could compromise the widely used Automated Fingerprint Identification System (AFIS). It’s key to a growing biometic fingerprint security market that could be worth $100 billion in less than a decade.
Here’s how the article describes what researchers found:
The attack leverages the sound characteristics of a user’s finger swiping on a touchscreen to extract fingerprint pattern features. Following tests, the researchers assert that they can successfully attack “up to 27.9% of partial fingerprints and 9.3% of complete fingerprints within five attempts at the highest security FAR [False Acceptance Rate] setting of 0.01%.” This is claimed to be the first work that leverages swiping sounds to infer fingerprint information.
So, as you may infer from that description, the chances of your fingerprints being swiped with criminal intent seem pretty low. And yet the methods that could get them take advantage of very popular apps. And the success percentages shown above related to the PrintListener fingerprint security risk are actually considered alarmingly high.
As the article states:
The PrintListener paper says that “finger-swiping friction sounds can be captured by attackers online with a high possibility.” The source of the finger-swiping sounds can be popular apps like Discord, Skype, WeChat, FaceTime, etc. Any chatty app where users carelessly perform swiping actions on the screen while the device mic is live. Hence the side-channel attack name – PrintListener.
