Fingerprint authentication has widespread adoption in identity verification systems owing to its speed and cost-efficiency. However, the risk of fingerprint leakage poses serious security concerns, as outlined in a new research paper called “PrintListener: Uncovering the Vulnerability of Fingerprint Authentication via the Finger Friction Sound“.
PrintListener: Biometric Fingerprint Security at Risk
These security concerns include theft of sensitive information, economic losses, and potential compromise of national security. The paper, written by a group of Chinese and U.S. academics, introduces PrintListener, a novel side-channel attack on Automatic Fingerprint Identification Systems (AFIS), which exploits users’ fingertip swiping actions to extract fingerprint patterns and create a potent synthetic fingerprint, PatternMasterPrint. PrintListener operates covertly, requiring only recording of fingertip friction sound, and can be launched via social media platforms. Experimental results demonstrate PrintListener’s significant improvement in attack potency compared to existing methods.
As it turns out, up to 27.9% of partial fingerprints and 9.3% of complete fingerprints can be successfully attacked within just five attempts, even at the highest security threshold of a False Acceptance Rate (FAR) of 0.01%. What’s more, this pioneering work marks the first instance of exploiting swiping sounds to extract fingerprint information, introducing a new paradigm in fingerprint security: PrintListener.
With the fingerprint authentication market expected to jump to nearly $100 billion by 2032, the stakes are high for organizations and individuals alike. The increasing awareness of potential fingerprint theft has prompted a shift in behavior, with many now cautious about exposing their fingerprints, even in photographs.
PrintListener Uses Our Finger-Swiping Actions
But how does an attacker procure fingerprint data without direct contact prints or detailed finger photos? Enter PrintListener. This sophisticated attack method capitalizes on the sounds generated by finger-swiping actions, which can be captured through various online platforms like Discord, Skype, and FaceTime. This novel side-channel attack extracts crucial fingerprint patterns, hence its apt moniker – PrintListener.
Behind the scenes, PrintListener’s development was no small feat. Researchers tackled three significant challenges:
- Faint Sound Localization. A specialized algorithm based on spectral analysis was devised to pinpoint and amplify the subtle friction sounds produced during finger-swiping actions.
- Pattern Separation. To distinguish between finger pattern influences and user-specific physiological and behavioral features, researchers employed advanced techniques such as minimum redundancy maximum relevance (mRMR) and adaptive weighting strategies.
- Feature Inference. Moving beyond primary fingerprint features, PrintListener delves into secondary features through statistical analysis and heuristic search algorithms.
Practical validation of PrintListener’s efficacy was conducted through extensive real-world experiments. The results are staggering: PrintListener significantly outperforms conventional MasterPrint dictionary attacks, achieving successful partial fingerprint attacks in over a quarter of cases and complete fingerprint attacks in nearly one in ten cases.
The implications are profound. Biometric fingerprint security faces unprecedented challenges, and PrintListener serves as a wake-up call, urging us to reevaluate existing security measures and improve defenses against emerging threats.
Milena Dimitrova
An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
Follow Me: