Unlocking The Secure – 2D Fingerprint From Dead Man Used To Unlock His Phone
The police and researchers of Michigan State University unlocked a dead man’s Samsung Galaxy S6 using digitally recreated 2D fingerprints. The smartphone did not have a passcode, and so they could try unlocking it multiple times without worrying about the device getting locked.
Smartphone makers are betting on fingerprint scanners as a major security element in smartphones. A lot of new smartphone boasts of a fingerprint scanner, and these days you can even get one in entry-level smartphones. But are fingerprint scanners really secure enough for your smartphone? Well, this investigation case of unlocking a dead man’s phone via the fingerprint scanner might just prove it wrong.
Michigan State University with its team of researchers led by Professor Anil Jain successfully unlocked a dead man’s Samsung Galaxy S6, which was an aid in a police investigation
. The deceased man had been previously arrested and so the police had copies of his fingerprints. The lab was able to scan them and made 2D and 3D replicas of the fingerprints. Initially, when they tried, both the 2D and 3D versions did not work, so the researchers reworked on the 2D version digitally. Using a computer program, they filled “in the broken ridges and valleys of the man’s prints.”After this, the team printed new 2D versions of the fingerprints and also created an electrical circuit as smartphone fingerprint scanners require an electrical circuit which cannot be read by severed fingers. They tried unlocking the smartphone once again and they succeeded this time. Commenting on the incident, Jain said that he hopes their ability “to unlock this phone will motivate phone developers to create advanced security measures for fingerprint liveliness detection.”
Highlighting how these researchers were successful in unlocking the smartphone, shows the vulnerability of fingerprint locks. We can also safely say that locking your smartphone with a pass code would be safer because even this particular phone did not have one, which made it easy for them to try multiple times. Besides, using the wrong pass code after a certain number of tries automatically disables the user from trying to unlock it again.
The incident reminds of us the recent stand off between FBI and Apple over the issue of giving access to San Bernardino gunmen’s iPhone. The security agency sought Apple to create a “backdoor” to get around its software, which Apple denied doing so. The stand off stirred worldwide debate over the encryption safeguards built into the devices. Later, FBI did manage to unlock the phone without Apple’s iPhone.
While Apple’s case was little complicated, it’s not the first time when questions have been raised over vulnerability of the fingerprint readers as security tool. Just couple of months ago TheVerge reported about a firm Vkansee, which could unlock fingerprint scanners by creating rubber mold of owner’s fingerprints. There have been similar cases as well where users could unlock the device by creating replicas of fingerprints.
