There are a large number of dangers on the Internet that can cause a cybercriminal to access the data of users who have not given their consent. Whether through Bluetooth connectivity, or even scam attempts sent via WhatsApp or LinkedIn.
It seems like every week a new danger is discovered. When this is due to an application or operating system failure, Developers are working pretty quickly to cover this vulnerability and everyone is safe. Now doubt is being cast on one of the most used elements to unlock cell phones: the fingerprint reader. Fortunately, the notification is not from cybercriminal activity.
Researchers in China and the United States have discovered that attacks can occur using a method called PrintListener, which directly affects the biometric security found in most smartphones. And to do this, it relies on the sound your fingers make when you touch the screen.
Fingerprint theft
The fingerprint reader on Android phones has already been the subject of controversy, and now it has been discovered that there is a vulnerability through which other people’s fingerprints could be stolen. Even if, in this case, It is a method created by researchers and which, to our knowledge, has not been used by cybercriminals.
This attack exploits the sounds made by fingers when touching the touchscreen, to attempt to extract the fingerprint pattern through the use of algorithms. These They interpret the sound your fingers make when they touch the screen imagine what the trace that produces them might look like. This isn’t anything crazy, since some fingerprint readers we’ve seen on Android work ultrasonicly, instead of optically.
PrintListener operation
Free Android
In fact, it is a quite complicated method, since the algorithm they developed must localize sound and friction on the screen using spectral analysis. Furthermore, it needs to separate the influences of finger configuration from the user’s behavioral characteristics and obtain secondary fingerprint features from primary features.
According to the researchers, Far outperforms traditional dictionary fingerprinting attacks. Print earphone had up to 27.9% success in recreating partial fingerprints and 9.3% success in full fingerprints. This makes it the first sound trace extraction method that has been successful, but not every time, which is positive.
Prevent attacks
Translated into the real world, the attacks in which PrintListener has been used are able to capture finger sounds in applications in which video or voice calls are made, such as Discrod, WeChat, Skype or FaceTime, so that you can hear your finger touch the screen and even see it.
However, if the mobile phone has been infected, it does not matter whether any of these applications are used or not, because the multiple keys that we constantly give on the screen to move around the interface on the device are enough to try to obtain the fingerprint.
Logically, the great danger of this method of attacking users is that the fingerprint reader is one of the most widespread methods in the world to unlock the mobile. And, except for Apple mobile phones, virtually all other smartphones use fingerprint as a biometric unlocking factor. It is unclear whether there will be a response to this information in the form of an update to somehow prevent attacks that could occur in this way. After all, someone with information about another person’s fingerprints This is a more serious event than losing a password.
Some of the basic recommendations to avoid this type of attack are not to use applications that may record audio without the user’s consent. There are many cases where apps request permissions that they don’t need to perform their primary function. For example, a scientific computing app or an app intended to be a calendar doesn’t need microphone permissions, and if they do ask for it, it’s something to be wary of. On the other hand, keeping your mobile phone always updated is also a method to protect yourself, because as soon as the manufacturer releases the patch to correct any type of problem, the mobile phone will be more secure.
This may interest you
Follow topics that interest you
