![]() Capacitive sensors use a finger’s natural electrical conductivity to read prints, as ridges touch the reader while valleys do not. ![]() Windows Hello included in Windows 10, for example, performs the comparison from the OS using Microsoft’s Biometric Devices Design Guide. Some devices use firmware that runs on the sensor to perform the comparison while others rely on the operating system. There are two steps to fingerprint authentication: capturing, in which a sensor generates an image of the fingerprint, and analysis that compares the inputted fingerprint to the fingerprint that’s enrolled. Defeating fingerprint authentication: A how-to One other product tested-a Samsung A70-also attained a 0-percent failure rate, but researchers attributed this to the difficulty getting authentication to work even when it received input from real fingerprints that had been enrolled. “We estimate that with a larger budget, more resources and a team dedicated to this task, it is possible to bypass these systems, too,” they wrote. The researchers cautioned against concluding that the zero success-rate for Windows 10 devices and the USB drives meant they were safer. The reason for the better results from the Windows 10 machines, the researchers said, is that the comparison algorithm for all of them resided in the OS, and therefore the result was shared among all platforms. ![]() Five laptop models running Windows 10 and two USB drives-the Verbatim Fingerprint Secure and the Lexar Jumpdrive F35-performed the best, with researchers achieving a 0-percent success rate. Fingerprint authentication in the iPhone 8, MacBook Pro 2018, and the Samsung S10 came next, where the success rate was more than 90 percent. The devices that were the most susceptible to fake fingerprints were the AICase padlock and Huawei’s Honor 7x and Samsung’s Note 9 Android phones, all of which were bypassed 100 percent of the time. However, a person that is likely to be targeted by a well-funded and motivated actor should not use fingerprint authentication.” “The results show fingerprints are good enough to protect the average person's privacy if they lose their phone. “Even so, this level of success rate means that we have a very high probability of unlocking any of the tested devices before it falls back into the PIN unlocking," Talos researchers Paul Rascagneres and Vitor Ventura wrote. The study also noted that the demands of the attack-which involved obtaining a clean image of a target’s fingerprint and then getting physical access to the target’s device-meant that only the most determined and capable adversaries would succeed. Tuesday’s report was quick to point out that the results required several months of painstaking work, with more than 50 fingerprint molds created before getting one to work. Other products tested permitted significantly more or even an unlimited number of unsuccessful tries. While Apple Apple products limit users to five attempts before asking for the PIN or password, the researchers subjected the devices to 20 attempts (that is, multiple groups of from one or more attempts). The percentages are based on 20 attempts for each device with the best fake fingerprint the researchers were able to create. The result: on average, fake fingerprints were able to bypass sensors at least once roughly 80 percent of the time. The researchers spent about $2,000 over several months testing fingerprint authentication offered by Apple, Microsoft, Samsung, Huawei, and three lock makers. Today, fingerprints are widely accepted as a safe alternative over passwords when unlocking devices in many, but not all, contexts.Ī study published on Wednesday by Cisco’s Talos security group makes clear that the alternative isn’t suitable for everyone-namely those who may be targeted by nation-sponsored hackers or other skilled, well-financed, and determined attack groups. ![]() Further Reading Bypassing TouchID was “no challenge at all,” hacker tells ArsAlthough hackers managed to defeat TouchID with a fake fingerprint less than 48 hours after the technology was rolled out in the iPhone 5S, fingerprint-based authentication over the past few years has become much harder to defeat.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |