Computer security researchers have uncovered a novel fingerprint recognition technique, based on the sounds made by a finger on a touchscreen. If combined with malicious software, this could one day expose users to biometric data theft.
PrintListener is the term given to a new technique revealed by a team of researchers based in the US and China. It exploits the sound of finger friction on a touchscreen to extract the patterns of the corresponding fingerprint.
The method involves capturing sounds via microphones built into electronic devices during common interactions on user platforms such as Skype, Discord, WeChat, FaceTime and Google Meet. A software application can then bit by bit reconstruct the user’s fingerprint, without their knowledge.
This type of discovery obviously raises many fears in terms of IT security. The technology in question presents a genuine risk of biometric data theft and could eventually call into question the reliability of fingerprint authentication systems.
Initial results are impressive: the system is already capable of reconstructing a partial fingerprint in 27.9% of cases and a complete fingerprint in 9.3% of cases. All of this after five attempts.
The side-channel attack (ie, an attack that uses extra information gathered through the way an algorithm or IT system is set up) PrintListener works by exploiting a little-known but potentially highly invasive flaw that could enable a hacker to obtain someone’s fingerprints without even needing direct access to the device they’re using. With the use of malware, the hacker could then recover the victim’s fingerprint in addition to other sensitive data (passwords, bank details, etc). – AFP Relaxnews