Swift Headline
Latest News and Updates

Hacking fingerprints is affordable and simple, says Kraken Security

Not so secure: There are few forms of data protection that are more secure than fingerprint authentication… Right? You’d certainly think so — that’s what companies and security pros have told us for years, after all. However, as it turns out, fingerprint spoofing might be considerably easier than heist movies would have you believe. According to Kraken Security Labs, all you need is a bit of wood glue, a laser printer, and an acetate sheet.

The cryptocurrency trading company published a report describing how the “hack” can be done over on its official blog a few days ago. The items you’d need to pull it off are affordable, and the steps are simple enough that virtually anyone could pull them off, provided they have the motivation to do so, which is a pretty frightening thought.

So, how does it work? First things first, a potential hacker needs your fingerprint — or, to be more accurate, a photo of your fingerprint. They don’t actually need physical access to anything you’ve touched, only a picture of, say, a smudge mark on a laptop screen or a reflective desktop keyboard. Kraken also gives examples like tables at a local library or gym equipment.

In either case, once a reasonably-clear photo has been acquired, you’d need to create a negative in Photoshop — Kraken says its team was able to create a “decent” one in about an hour.

Next, Kraken printed the negative image onto an “acetate sheet” using a standard laser printer. The toner, according to the company, mimics the 3D structure of a real fingerprint. The next and final step is to grab some wood glue from your local hardware store, squirt some over the top of the faked fingerprint, and let it dry. You can peel it off later, and there you have it: a (hopefully not) working fingerprint copy.

Obviously, we would not advise anyone to go out and do this but according to Kraken, it was able to perform this “well-known attack” on the “majority” of devices its team members had available. As the company notes, if this was a real attack and not a controlled experiment, the implications could be devastating for a victim.

With that said, it’s not all doom and gloom. Fingerprint authentication should be just one layer of an ideally multi-faceted approach to data and account security. You should also have a strong password and (non-SMS) two-factor authentication — the latter would prevent fingerprint hacks from being a problem in the first place.

Well, most of the time. Unfortunately, some apps allow users to bypass 2FA with a fingerprint sign-in, so in those cases, it would actually be more secure to shut off the latter entirely and rely only on 2FA and a strong password.

Read original article here

Denial of responsibility! Swiftheadline is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – admin@swiftheadline.com. The content will be deleted within 24 hours.

Facebook Notice for EU! You need to login to view and post FB Comments!

Leave a comment