Is fingerprint identification safe? Reporter experience simple technology after the successful solution of orange peel unlocked
Nowadays, the relationship between cell phone and people is more and more closely related. Many personal information, bank account, payment application and so on are all stored or bound on their mobile phones, so you all pay special attention to the safety of mobile phones. And fingerprint verification has undoubtedly added a line of defense to our personal privacy and property security. Because the machine owner's fingerprint information is collected and entered, only when the machine owner passes his own fingerprint verification, can he unlock the boot or make electronic payment. But is this seemingly safe line of security really safe?
Recently, a piece of article and video on the Internet, "a piece of orange peel can open your mobile phone fingerprint lock and transfer payment" has attracted wide attention. It is mentioned that for anyone who needs fingerprint verification, anyone's fingerprints can be unlocked by using some simple processing methods, even an orange peel.
Fingerprint touch keys are broken and anyone can unlock
But shortly before, Xiao Xu from Anhui caused a crack in the finger touching key because his cell phone fell to the ground, which surprised him. After that, everyone else could use fingerprint to unlock his cell phone. Not only that, there are some payment applications that need fingerprint recognition in the handset, and unfamiliar fingerprints can also be verified and used.
Phone interview Xiao Xu: I accidentally fell on my cell phone and fell on the ground. I saw there was a crack on it. I thought this (fingerprint) could not be used. Then I took a try or found fingerprint can unlock, or can be used as Alipay, fingerprint payment can be. On the second day, I played a mobile phone in my class. My classmates touched my cell phone and unlocked. Because he used my cell phone for the first time, why he could unlock it, and then tried it out, and found that everyone could unlock and found that mobile phone could pay anything.
Subsequently, Xiao Xu immediately contacted the mobile phone manufacturer, and the merchant shielded the fingerprint. Technical staff of a technology company in Suzhou to see the online video, to know the matter, to simulate the mobile phone fingerprint touch key crack pattern in the laboratory, after many experiments, they found that even in the mobile phone without any damage after some treatment, can still break the fingerprint lock, even with a piece of orange the skin also can be validated by.
Fingerprints can be used to crack handset fingerprints
Is this the result of a miscarriage of fingerprints caused by a broken cell phone? And a piece of orange peel can be unlocked by fingerprint verification. Can it show that there are some security holes in the fingerprint verification system?
The reporter contacted the publisher of the message, and in the lab, the technician demonstrated the process.
Technician: I first use this cell phone to record a fingerprint, and my left thumb is completed. It is now visible that there is only one finger (fingerprint) in it, and only my left thumb can be locked. Try it for another person.
Reporter: I can't solve this.
After some processing, the reporters who had not entered the fingerprint had been able to unlock the machine. Later, technicians put the mainstream brand models of mobile phones on the market one by one, and the reporters successfully unlocked the phones with their fingerprints without entering the fingerprint in advance.
In addition to fingerprint opening, the use of fingerprint verification for payment transfer is also the application that many people often use at present. The reporter took out his own mobile phone and opened the fingerprint to pay for it. After that, the technicians do some operation on the reporter's cell phone. Next, besides the reporter's fingerprint transfer, it can also be verified by using cinnamon, orange peel, even napkins and other articles instead of fingerprints.
The technicians said that they simulated the crack patterns in the laboratory according to the clue of the crack of mobile phone fingerprint touch key, and found that the key to crack the fingerprint verification is the pattern on the touch key of the fingerprint. So the technician took a small piece of rubber cloth or the popular fingerprints on the market, and the back was smeared with a conductive pen to form a pattern and put it on the fingerprint of the mobile phone. As long as the owner's fingerprints touch the cloth or fingerprints, after a few successful unlocking and opening the machine, others can open the machine at will.
Technical staff Li Yangyuan: crack itself will form some patterns on the sensor, and pasted film (tape or fingerprint, conductive paste) dielectric film on the sensor will form a certain pattern, because this pattern is a finger in front of, it will replace the fingerprint. In this way, when the last software system is received, it has already got the graph of these pattern components. It takes the picture and its authentication is also a graph, so it will pass.
Technicians believe that the information received by the fingerprint sensor contains the conductive coating on the fingerprints, not the fingerprints of the main finger of the machine. In the case of fingerprint comparison, only the same part of the information can be verified. So as long as they are processed, other people's fingerprints can also be verified.
Department of automation Tsinghua University associate professor Feng Jianjiang: the fingerprint recognition technology early, like ID, attendance, and public security criminal investigation by the principle, is to look at some of the details of feature point fingers above, but generally used this technology now is not on the mobile phone, mobile phone is that it sensor area is small, especially the information rarely, so that the industry began to adopt a new plan, it is the use of the pattern itself.
Unlocking success of multi domain products with fingerprint
Nowadays, fingerprint verification is not only used on mobile phones, but also used in fingerprint verification of some types of laptops and even electronic locks on security doors. So in these areas, does fingerprint verification have such a loophole?
On a laptop computer, the technician smeared the fingerprints on the back with a conductive pen and posted it on the fingerprint verification touch key. Then the owner set a fingerprint on the computer's system and entered his own fingerprint. Next, the computer was opened by the others. After a few times the fingerprint was tried, it could also be verified and turned on.
Then, the technicians tested a lock on a door and found a similar safety hazard.
Experts suggest that although this vulnerability involves different products in different fields, if your fingerprint touch key is not damaged or pasted, it can be used normally, and there is no need to worry too much. At the same time, experts also remind you that if you are more concerned about security, try not to use fingerprints. In addition, before using fingerprint verification, it is best to check if any other foreign objects or patterns are attached to the touch key.
Feng Jianjiang, associate professor of the Department of automation of Tsinghua University: it is sure to have to check, it is really a trap, it is sure to tear the film off. If a cell phone accidentally breaks, there is a simple way at this time, that is, if you try to see if your other fingers can also unlock successfully, if you can also unlock successfully, it shows that there is a loophole. It is understood that at present, the Ministry of industry and information, the General Administration of quality inspection and other relevant departments have been involved in the investigation, and the journalists will continue to pay attention to it.
Waonews is a news media from China, with hundreds of translations, rolling updates China News, hoping to get the likes of foreign netizens