danie10,
@danie10@mastodon.social avatar

Your fingerprints can be recreated from the sounds made when you swipe on a touchscreen — Chinese and US researchers show new side channel can reproduce fingerprints to enable attacks

An interesting new attack on biometric security has been outlined by a group of researchers from China and the US. PrintListener: Uncovering the Vulnerability of Fingerprint Authentication via the Fi ...continues

See https://gadgeteer.co.za/your-fingerprints-can-be-recreated-from-the-sounds-made-when-you-swipe-on-a-touchscreen-chinese-and-us-researchers-show-new-side-channel-can-reproduce-fingerprints-to-enable-attacks/

MartinaNeumayer,
@MartinaNeumayer@mastodon.social avatar

@danie10 The best things are those told by the creators of the banking apps: "boo.. hoo.. your fingerprint is not secure!"
Yeap.. but the four-digit pin code is mega totally hyper secure one instead. Especially when it can be guessed in circa 5 and half hours, counting from 0000 to 9999 by two seconds time period per pin. 😁
Well.. but no, the fingerprint must be disabled on every single rooted device, because of "for your security". Meeeehhh!

danie10,
@danie10@mastodon.social avatar

@MartinaNeumayer
True a 4 digit pin is not secure when it is just numbers as well. But the fingerprint being determined by audio is still not easy to understand despite the reports explanation.

MartinaNeumayer,
@MartinaNeumayer@mastodon.social avatar

@danie10 Yes both methods are not particularly secure in the real life. But combined together or with some other ones are much more harder to break in. For example if someone is using hardware key like YubiKey. But banking app creators seems to not understand the such cases at all.

danie10,
@danie10@mastodon.social avatar

@MartinaNeumayer too true, none of my banks make provision for my YubiKey. They seem very stuck on the mainstream biometrics.

MartinaNeumayer,
@MartinaNeumayer@mastodon.social avatar

@danie10 Not only on that, but also they are using very outdated standards like the sms to confirm the money transfers and other financial transactions. That is pretty scary. Sms can be very easy spoofed by some criminals. For example I am still using an old school hardware token for that, which I get from my bank years ago and it is working super fine. I need to have it with me but still that is very practical and safe as well solution.

Linux_in_a_Bit, (edited )
@Linux_in_a_Bit@linuxrocks.online avatar

@danie10
If they have enough access hear your fingers on a touchscreen they probably already know your password from other attacks :blobthinkingeyes:

Also fingerprints can be recreated from something as simple as you touching a door handle, heck, your local police department can likely lift them from fabric :blobcatpolice:

Biometrics are, and always have been, quite insecure; just not enough for anybody with a low threat model to actually care :blobcataco:

danie10,
@danie10@mastodon.social avatar

@Linux_in_a_Bit
lifting from alone though does add a whole new dimension to it 😁

  • All
  • Subscribed
  • Moderated
  • Favorites
  • technology
  • DreamBathrooms
  • mdbf
  • osvaldo12
  • magazineikmin
  • GTA5RPClips
  • rosin
  • thenastyranch
  • Youngstown
  • cubers
  • slotface
  • khanakhh
  • kavyap
  • InstantRegret
  • Durango
  • JUstTest
  • everett
  • ethstaker
  • cisconetworking
  • Leos
  • provamag3
  • modclub
  • ngwrru68w68
  • tacticalgear
  • tester
  • megavids
  • normalnudes
  • anitta
  • lostlight
  • All magazines
    •