For years now, fingerprint unlocking has been available on the vast majority of mobiles, even entry-level models. Since the arrival of Touch ID on the iPhone 5S in 2013, hackers have been trying to defeat this type of authentication, located in the round button of the mobile. At the time, it took them only 48 hours to succeed.
This challenge has become more and more complicated as the various manufacturers have reinforced their security. Today, fingerprints are often used as a second authentication factor for an account on mobiles, and it is quite useful. It can be said that everyone is now safe from a hacking attempt via these fingerprint security systems. "Everyone," except perhaps people specifically targeted by hackers with significant resources or state support. That is the finding of a study just published by Cisco's Talos security group. With a budget of $2,000 a month, they have been testing fingerprint authentication systems on mobiles from Apple, Microsoft, Samsung, Huawei, and three other major manufacturers of sensors found on electronic devices. In the end, out of 20 attempts with each device, authentication succeeded in 80% of the cases using false fingerprints very close to the real ones.
0% chance of success with Windows 10
While this attack is possible and quite effective, the team explains that more than 50 fingerprint molds had to be made before one worked with this level of result. The experiment lasted several months. In other words, it is not within reach of every hacker. You first have to obtain fingerprints from the target and then design the print models. It requires such determination that the target must be of great importance to justify the effort of accessing the contents of their device. For this reason, hacker groups backed by states or by entities with ample resources would be the only ones likely to carry out the operation.
The figures for the iPhone and other mobiles were quite similar. Some models, such as the Honor 7x or the Samsung Note 9, could be systematically unlocked. Overall, the newer the model, the more attempts were required. In any case, this means that the probability of accessing the content of a mobile before it is locked by the passcode is very high. Apart from the mobiles, only two sensor-secured USB sticks refused all attempts to unlock with the fake fingerprint. The computer they were securing was running Windows 10. According to the researchers, it is the fingerprint comparison algorithm integrated into Windows 10 that reinforced the security. But for them, that doesn't mean it's impossible. It would just take a little more time and resources to achieve it.