Using a fingerprint scanner to keep intruders out of your phone might not be as secure as you think. Two researchers from Michigan State University, Kai Cao and Anil K. Jain, developed a relatively cheap and effective way to beat fingerprint readers, and successfully tested their method on a Samsung Galaxy S6 and Huawei Honor 7.
All they needed to do was lift a fingerprint off of the phone's screen, scan it, format it, and print out a copy using special conductive ink and paper in a regular inkjet printer. The duo said the whole process takes about 15 minutes.
The entire setup can cost as little as $500. All that's needed is an inkjet printer, a regular black ink cartridge, three AgIC silver conductive ink cartridges, and some special AgIC paper, which you can buy as a bundle. Oh, and your fingerprint, which can be lifted directly off the phone's screen.
Once an attacker has a copy of your fingerprint, it can be scanned into a computer, formatted, then printed onto the special paper. Then the hacker just needs to cut out the fingerprint and place it on the scanner. Though the researchers only tested the Samsung and Huawei phones, this method will probably work on most devices, including other smartphones, safes, and locks.
The researchers's goal is to spread awareness about how easy it can be to beat a biometric scanner, hoping to spur improvements in future technology.
The AgIC cartridges aren't cheap—$250 for a set—but the cost is probably worth it to some attackers out there considering how it might pay off.
There probably isn't a huge risk that this will happen to you, but don't let your guard down. As for defending against it, you can try to be vigilant about wiping your phone off to rid it of fingerprints, but that can be pretty hard considering how often we touch our phones.
Remember that not only does fingerprint-protection guard the contents of your device, but also things like payment information, login access, and more.
The inkjet method won't worth on 3D fingerprint scanners like on an iPhone, but those can be beaten, too. For now, the no-brainer solution if you're worried about this type of attack is to use a PIN, passcode, or pattern lock, depending on the options available on your device. And above all else, keep a close eye on your phone and don't let it fall into the wrong hands.