PrintListener: The Sound of your Fingers can Reveal your Fingerprints
PrintListener emerges as a groundbreaking technology challenging the reliability of fingerprint security. By capturing the unique sound of finger friction on touchscreens, it enables the reproduction of fingerprints. This innovative approach sets PrintListener apart, highlighting its potential to redefine biometric security measures. As we explore its implications, the need for heightened awareness and protective strategies becomes evident.
Stay informed in our posts dedicated to Digital Security to follow its evolution thanks to our regularly updated topics
PrintListener: How this Technology can Betray your Fingerprints and How to Protect yourself
PrintListener revolutionizes the realm of Acoustic Analysis Attacks by honing in on the unique sound of finger friction on touchscreens. This novel approach allows for the replication of fingerprints, marking a significant advancement in the field. Unlike traditional techniques that broadly utilize sound to breach security, PrintListener’s methodical focus distinguishes it as a pioneering and distinct attack strategy. This specificity in exploiting fingerprint authentication systems through acoustic signals elevates PrintListener above conventional methods. As we delve deeper into PrintListener, understand the risks it poses to identity and data, and explore protective measures, this article serves as a crucial guide for safeguarding against such innovative threats.
What is PrintListener?
PrintListener is the result of a collaboration between researchers from Zhejiang University, the University of Illinois at Urbana-Champaign, and the University of Washington. They presented their technology at the ACM CCS 2022 conference, one of the most prestigious in the field of computer security. Their paper, titled “PrintListener: Fingerprinting Smartphones from Touchscreen Sound”, describes in detail the working and evaluation of PrintListener¹.
The technology exploits the friction noise of fingers on the screen, which reveals the features of fingerprints. By analyzing this sound with advanced algorithms, PrintListener can create fingerprint copies with high accuracy. You can download the officel document “PrintListener: Uncovering the Vulnerability of Fingerprint Authentication via the Finger Friction Sound“.
How can PrintListener attack fingerprint readers?
Fingerprint readers are increasingly common on smartphones, computers, or applications. They are supposed to offer a high level of security, by verifying the user’s identity from their unique fingerprint.
But PrintListener can fool these readers, by using the fingerprint copies it has generated. The researchers showed that their software could succeed in attacking up to 27.9% of partial fingerprints and 9.3% of full fingerprints in only five attempts, even at the highest security level¹.
Hackers could thus access your accounts, data, or services without your consent. They could capture the sound of your fingers from various sources, such as speakerphone calls, voice messages, or online games.
How to protect yourself against PrintListener?
PrintListener represents a serious threat to biometric security, which was until now considered infallible. To protect yourself against this vulnerability, you should adopt proactive security measures, such as:
- Updating your antivirus, which could detect and block PrintListener or other malware.
- Using headphones or earphones, to prevent the sound of your fingers from being captured by the microphone of your smartphone or computer.
- Activating other authentication modes, such as PIN code or facial recognition, which are less prone to hacking.
- Changing your passwords regularly, and using strong and different passwords for each account.
How to corrupt a fingerprint?
If PrintListener is not yet available to the public, there are other methods to corrupt a fingerprint. Some are simpler than others, but they all require a certain level of skill and equipment.
- Making a mold. This involves reproducing the fingerprint of a person from an object they have touched, such as a glass, a door handle, or a keyboard. You then need to use a malleable material, such as clay, wax, or gelatin, to create a faithful imprint. This imprint can then be transferred to a rigid support, such as plastic or metal, to create a fake fingerprint.
- Using a 3D printer. This involves scanning the fingerprint of a person from a photo, a video, or an optical sensor. You then need to use a 3D modeling software to create a digital model of the fingerprint. This model can then be printed in 3D with a conductive material, such as copper or silver, to create a fake fingerprint.
- Modifying your own fingerprint. This involves changing the appearance of your fingerprint by using invasive or non-invasive techniques. The invasive techniques consist of injuring, burning, or cutting your finger to modify the lines and ridges of the fingerprint. The non-invasive techniques consist of sticking, painting, or tattooing your finger to mimic the fingerprint of another person.
These methods are more or less effective depending on the type of fingerprint reader used. Some readers are more sensitive than others to the temperature, pressure, conductivity, or depth of the fingerprint. You therefore need to adapt your method according to the reader to attack.
Statistics on fingerprint security
Fingerprint security is widely used in various domains, such as banking, healthcare, law enforcement, or travel. However, it is not flawless, and it can be compromised by different methods, such as PrintListener or others. Here are some statistics on fingerprint security that you should know:
- Over 75% of Americans have used biometric technology, which includes fingerprint scanning, facial identification, signature dynamics, and hand geometry.
- The global biometric authentication and identification market size was estimated at 17.28 billion U.S. dollars in 2019 and is expected to reach 59.31 billion U.S. dollars by 2027.
- The global automated fingerprint identification system market revenue was 8.5 billion U.S. dollars in 2022 and is projected to reach 17.3 billion U.S. dollars by 2028.
- It is estimated that hackers carry out attacks on computers and networks at an interval of 39 seconds. A new research showed that their unsecured computer was attacked 100k times per day, which is a huge increase on previous findings.
- Those using a computer for five hours per week or less were more likely to have used fingerprint recognition (46%), while those using a computer for 26 to 30 hours per week were less likely to have used this biometric (10%).
These statistics show that fingerprint security is a popular and growing market, but also a vulnerable and risky one. Therefore, it is important to be aware of the potential threats and to take preventive measures to protect your identity and data.
Summary and further reading
In this article, we have explained what PrintListener is, how it works, how it can attack fingerprint readers, and how to protect yourself against it. We have also provided some statistics on fingerprint security that illustrate the importance and the challenges of this technology.
PrintListener is not the only method to corrupt fingerprint authentication. There are other methods, such as making a mold, using a 3D printer, or modifying your own fingerprint. These methods are more or less effective depending on the type of fingerprint reader used.
If you want to learn more about these other methods, you can read our article (Are fingerprint systems really secure? How to protect your data and identity against BrutePrint), in the Digital Security section of our website. You will find out how they work, what are their advantages and disadvantages, and how to prevent them.
Enhancing Security with EviPass NFC HSM and EviCypher NFC HSM Technologies
Secure Physical Secret Outsourcing
In the wake of vulnerabilities exposed by PrintListener, adopting EviPass NFC HSM and EviCypher NFC HSM technologies becomes crucial. These solutions physically externalize sensitive information like passwords, encryption keys, OTP keys, and enable AES-256 encryption of data and messaging via NFC HSM devices. Even if a device’s fingerprint security is compromised, externally stored secrets remain inviolable, safeguarding encrypted data and messages.
Summary and Conclusion
PrintListener has shed light on significant flaws within fingerprint authentication systems, underscoring the urgent need for enhanced security measures. The integration of EviPass NFC HSM and EviCypher NFC HSM technologies offers a robust solution, physically externalizing and encrypting sensitive information beyond the reach of acoustic fingerprint hacking. This approach not only fortifies biometric security but also ensures the integrity of encrypted data and communications, providing a comprehensive shield against emerging threats.