This post has been updated.
Researchers at Michigan State University have found a cheaper and faster way to unlock mobile phones protected by fingerprint sensors using an off-the-shelf printer and special photo paper. The process can be done in well under 15 minutes, significantly faster than current fingerprint spoofs—which rely on 3D printing—that take more than twice as long.
The method uses a normal inkjet printer, conductive silver ink, and a type of photo paper; the ink and paper both come from a Japanese manufacturer called AgIC. The researchers used a Brother printer that costs about $400 new on Amazon. The method is detailed in a technical report (pdf) published Feb. 20.
The process starts with a scanned photo of the target user’s fingerprint. This image is scanned, then some fiddling with contrast levels may be required. The image is then mirrored and printed on a glossy paper that resembles photo stock, using a conductive ink that contains silver. A set of ink and paper costs about $350 from the manufacturer, AgIC.
The Michigan State researchers, Anil Jain and Kai Cao, tested four phones, unlocking two successfully. The phones were a Samsung Galaxy S6, Huawei Honor 7, iPhone 5s, and Meizu MX4 Pro. The spoof worked on the Samsung and Huawei handsets, but not the Apple and Meizu ones.
Cao told Quartz that the spoof worked on the iPhone during an earlier attempt, but it didn’t work when he tried to replicate the result for the technical report. “We unlocked it at the start of the project, but when we prepared the report, I could not unlock the iPhone. I used the same protocol and method. I’m not sure why it didn’t unlock,” Cao said.
We reached out to Apple, Samsung, and Huawei for comment and will update this post with any responses.
A well-known earlier fingerprint spoof comes from the Chaos Computer Club in Berlin, a nonprofit that works on security and privacy in technology, and involved printing the target fingerprint with latex milk or wood glue. That process, sometimes called 2.5D printing and first described in 2013, successfully unlocked an iPhone 5s. The problem with this method is that the fabrication of the print relies on the hacker’s experience, to some degree, and it takes up to half an hour for the fabricated print to dry.
But the new system proposed by Cao and Jain means that fingerprints can be generated more rapidly. “Hackers can easily generate a large number of spoofs using fingerprint reconstruction or synthesis techniques, which is easier than 2.5D fingerprint spoofs,” the report said.
A Samsung statement to Quartz said:
Samsung takes fingerprint security very seriously, and we would like to assure that users’ fingerprints are encrypted and securely stored within our devices equipped with fingerprint sensors. As the report itself points out, it takes specific equipment, supplies, and conditions to simulate a person’s fingerprint including being in possession of the fingerprint owner’s phone to unlock the device. If at any time there is a credible potential vulnerability, we will act promptly to investigate and resolve the issue.
Some companies say they have technology that will prevent these spoofs from working. A firm called Goodix has a sensor that detects a user’s blood flow, thus preventing printouts, whether 3D or 2D, from unlocking a phone.
We’re going to be using lots of devices with fingerprint sensors in the future. The number of fingerprint sensors embedded in devices will grow from 499 million in 2015 to 1.6 billion units in 2020, according to market research firm IHS. That’s why the Michigan State fingerprint spoofers are worried. “We want to emphasize the urgent need for anti-spoofing technology because more phones are using fingerprint sensors,” Cao told Quartz.
Update (Mar. 8): This post was updated with a statement from Samsung.