EXECUTIVE SUMMARY:

Biometric passwords have become popular, but vulnerabilities in these systems leave users’ phones and data at risk of being hacked and sold on the dark web.

International white-hat researchers recently identified a vulnerability that allows them to access a phone’s contents in a mere 20 minutes. The researchers showcased this vulnerability and the associated methodology at the 2019 GeekPwn conference in Shanghai.

In a live demonstration, one of the presenters requested for volunteers from the audience to touch a piece of glass. The residual finger prints were then photographed with a smartphone, and released into an app designed by the researchers.

“Although the precise methodology was not revealed, the app is thought to extract the data required to clone a fingerprint, presumably using a 3D printer”.

The researcher then unlocked three different smartphones that were given to members of the audience. In the end, the researchers penetrated three different fingerprint scanning technologies that are commonly used in the smartphone industry.

The researchers’ demonstration of the fingerprint lock vulnerability is one of many ways that hackers can potentially access smartphone systems and data.

To read more about the vulnerabilities of fingerprint locks, see this Forbes article.