Cisco has conducted a research project on bypassing fingerprint authentication systems and it achieved a success rate of roughly 80 percent, but the company’s experts were unsuccessful against Windows devices.
Many companies advertise biometric authentication as a more secure alternative to the traditional password. Fingerprint authentication is currently the most common, being used for smartphones, laptops, and other types of devices, such as padlocks and USB drives.
The analysis conducted by Cisco’s Talos threat intelligence and research group involved collecting a fingerprint directly from the targeted user or from a surface touched by the victim. They then used a 3D printer to create a mold of the fingerprint, and created a fake fingerprint by filling the mold with low-cost fabric glue. Researchers decided to set a relatively low budget for this project in an effort to determine what a threat actor with limited resources could achieve.
Cisco Talos tested their fake fingerprints against optic, capacitive and ultrasonic sensors, but the researchers did not find any major differences in terms of security. However, they noted that they achieved the highest success rate against ultrasonic sensors, which are the newest type of sensors, commonly found in devices that require an in-display sensor.
In the case of mobile phones, the researchers bypassed fingerprint authentication on a majority of devices. In the case of laptops, however, while they achieved a 95 percent success rate against a MacBook Pro, they could not achieve even a single successful bypass on Windows 10 devices that use the Windows Hello framework.
Talos researchers also tested their fake fingerprint against two encrypted USB thumb drives from Verbatim and Lexar, but they could not bypass authentication. Finally, they tested a padlock and achieved a high success rate.
cisco research shows success bypassing fingerprint authentication
