Hackers can bypass fingerprint security 80% of the time




Tests performed by Cisco Talos Intelligence Group found that fingerprint recognition systems could be bypassed in at least 80% of cases using fake fingerprints.

This means that those who want to protect themselves against well-funded actors should not rely on fingerprint authentication, Talos said.

Talos said that people should view fingerprint security technology in a way similar to a home security system.

“If you want me to stop secret agencies from spying on your house, it won’t work. But if you want to stop petty crime, it’s good enough,” Talos said.

Similarly, “for a normal user, fingerprint authentication has obvious advantages and should be used.”

“However, if the user is a higher-profile user or their device contains sensitive information, we recommend relying more on strong passwords and two-factor token authentication,” said Talos.

Create fake fingerprints

Talos described three methods that it used to create these fingerprints.

  • Direct collection – Use the real finger to create a mold of the fingerprint.
  • Fingerprint sensor – Obtain a bitmap image from a fingerprint reader.
  • Third-party – Take a photo of a fingerprint left on glass, using graphite powder and a brush to increase the contrast of the fingerprint ridges.

Results

Talos tested a variety of smartphones, as well as laptops, a smart padlock, and two USB-encrypted portable drives that use fingerprint security.

The smartphones that were easiest to fool with all three methods include the Honor 7X, the Samsung S10, and the Samsung Note 9.

The Samsung A70 could not be fooled; however, Talos noted that even with the actual fingerprint, the authentication rate was very low.

Talos said that mobile phone fingerprint authentication has actually weakened compared to when it was first available in 2013.

Talos found that it was unable to get into Windows 10 devices, due to the Windows Hello framework.

In contrast, the same cloned fingerprint was tested on the MacBook Pro and had a 95% success rate.

“The reason for the best and recurring results from Windows platforms is the fact that on all platforms the comparison algorithm resides in the operating system, therefore it is shared between all platforms,” Talos explained.

The portable drives were also well protected by their fingerprint technology, as all attempts to counterfeit a fingerprint failed.

However, the padlock was not particularly well protected and could be bypassed at a rate similar to that of the smartphones.

Below is a table that describes the results of these tests.

The orange bars indicate the direct collection method, the blue lines show the image sensor method, while the yellow bars are for the third-party method.

Talos fingerprint investigation
