A team of researchers from Tencent Security X-Lab demonstrated at the GeekPwn 2019 event in Shanghai how to hack a smartphone using fingerprints left on a glass.[dropcap]R[/dropcap]esearcher Chen Yu scanned fingerprints from a glass using an application on the phone, and then in 20 minutes created a physical copy of fingerprints that could trick scanners from smartphones or cars.
“The hardware needed for this attack was worth more than 1,000 yuan (approximately $140), and the equipment was just one phone and an application”, — Chen Yu explained.
According to the researchers, they were the first to crack an ultrasonic fingerprint sensor – one of the most common types used in smartphones, along with capacitive and optical sensors.
However, recall that earlier this month, the British smartphone used demonstrated how to fool the ultrasonic fingerprint sensor in the Samsung Galaxy S10. A woman bought a gel protective film for $3 and found that she could unlock the device with an unregistered finger.
As it soon turned out, her family could also unlock the phone. Samsung has since released a patch for the Galaxy S10 and Note 10’s fingerprint reader, but not before both WeChat Pay and Alipay, two of China’s biggest mobile payment platforms, disabled the use of fingerprint recognition on some Samsung handsets. Samsung suffered an embarrassing episode when it was discovered anyone can crack their ultrasonic fingerprint sensor with the help of a cheap screen protector.
Also in April of this year, the user of the Reddit forum under the pseudonym Darkshark managed to bypass the smartphone’s protection system using a three-dimensional fingerprint model.
For the latest hack, X-Lab researchers said they’ve been developing the app for months. They also noted that extracting a fingerprint is even easier from your phone’s glass than from a drinking glass.
However, X-Lab users should not worry too much about it. Chen says that as a protective measure users need to remember to wipe fingerprints regularly whenever touching anything.