National Security News

Reporting the facts on national security

Fingerprints Exposed: PrintListener Shakes Biometric Security

Researchers from the University of Colorado and counterparts in China have uncovered a novel method to compromise biometric security measures. Dubbed PrintListener, the technique reconstructs a person’s fingerprints by analysing the sounds produced when a fingertip swipes across a touchscreen.

The implications of this discovery extend beyond the realm of casual smartphone use, impacting biometric security systems employed in various applications, from smartphones to door access locks. While the technical details are complex, the essence of the threat lies in the ability to exploit the sounds generated as fingers traverse a screen.

PrintListener’s operational scope is vast and covert, utilising the microphones embedded in smartphones to record fingertip friction sounds. The researchers underscore the seriousness of this threat in a research paper titled ‘PrintListener: Uncovering the vulnerability of fingerprint authentication via the finger friction sound.’

In practical scenarios, PrintListener demonstrated concerning success rates, achieving a partial reconstruction of a person’s fingerprint 27.9% of the time and a full reconstruction 9.3% of the time. Given the widespread integration of fingerprint authentication in daily activities, including phone unlocks, online payments, and government identification, the implications are significant.

Understanding the Threat: How PrintListener Operates

To understand the magnitude of the threat, it helps to look at how PrintListener operates. The attacker starts with the victim’s contact information, which may include the victim’s phone number or account details for platforms like Google Meet, Skype, or Discord. The attacker then gains access to the victim’s audio by initiating a voice or video call, connecting to voice collaboration software, or discreetly joining the same online voice or video conference.

To make matters worse, the attacker can deploy malware with recording permissions, operating stealthily in the background to capture the swiping friction sound. This method adds a layer of sophistication to the attack, enabling the extraction of intricate fingerprint patterns without the victim ever suspecting foul play.

Addressing this newfound vulnerability is crucial, considering the anticipated growth of the global fingerprint biometrics market to nearly $75 billion by 2032. The researchers suggest potential countermeasures, such as specialised screen protectors and the development of advanced sound analysis techniques.

However, the most practical advice offered by the researchers involves altering user behaviour. By refraining from swiping fingers on phone screens during audio and video calls, individuals can reduce the risk of falling victim to this stealthy attack. This precautionary measure extends beyond personal security, hinting at the broader societal impact, including potential threats to national security.

As we navigate an increasingly digitised world where biometric technologies permeate every facet of our lives, PrintListener serves as a stark reminder that the avenues for exploitation are ever-expanding. Balancing the convenience of biometric authentication with robust security measures becomes imperative to safeguard sensitive information and, by extension, national security.

Val Dockrell is a London-based Senior Investigator and Open Source Intelligence (“OSINT”) specialist who has led in-depth investigations in multiple jurisdictions around the world. She also speaks several languages and is a member of the Fraud Women’s Network. Her X (formerly Twitter) handle is @ValDockrell.