Cao told Quartz that the spoof worked on the iPhone during an earlier attempt, but it didn’t work when he tried to replicate the result for the technical report. “We unlocked it at the start of the project, but when we prepared the report, I could not unlock the iPhone. I used the same protocol and method. I’m not sure why it didn’t unlock,” Cao said.

We reached out to Apple, Samsung, and Huawei for comment and will update this post with any responses.

A well-known earlier fingerprint spoof comes from the Chaos Computer Club in Berlin, a nonprofit that works on security and privacy in technology, and involved printing the target fingerprint with latex milk or woodglue. That process, sometimes called 2.5D printing, first described in 2013, successfully unlocked an iPhone 5s. The problem with this method is that the fabrication of the print relies on the hacker’s experience, to some degree, and it takes up to half an hour for the fabricated print to dry.

But the new system proposed by Cao and Jain means that fingerprints can be generated more rapidly. “Hackers can easily generate a large number of spoofs using fingerprint reconstruction or synthesis techniques, which is easier than 2.5D fingerprint spoofs,” the report said.

A Samsung statement to Quartz said:

Samsung takes fingerprint security very seriously, and we would like to assure that users’ fingerprints are encrypted and securely stored within our devices equipped with fingerprint sensors. As the report itself points out, it takes specific equipment, supplies, and conditions to simulate a person’s fingerprint including being in possession of the fingerprint owner’s phone to unlock the device. If at any time there is a credible potential vulnerability, we will act promptly to investigate and resolve the issue.

Some companies say they have technology that will prevent these spoofs from working. A firm called Goodix has a sensor that detects a user’s blood flow, thus preventing printouts, whether 3D or 2D, from unlocking a phone.

We’re going to be using lots of devices with fingerprint sensors in the future. The number of fingerprint sensors embedded in devices will grow from 499 million in 2015 to 1.6 billion units in 2020, according to market research firm IHS. That’s why the Michigan State fingerprint spoofers are worried. “We want to emphasize the urgent need for anti-spoofing technology because more phones are using fingerprint sensors,” Cao told Quartz.

Update (Mar. 8): This post was updated with a statement from Samsung.

📬 Sign up for the Daily Brief

Our free, fast, and fun briefing on the global economy, delivered every weekday morning.