Using a 3D printed fingerprint, Cisco Talos security researchers succeeded in passing the fingerprint scanner on phones and computers from Samsung and Apple, among others.
Several tried and tested devices passed the test, using exactly the same security solution: Windows Hello. In all other cases, the percentage of successful attempts changed, but generally managed to access the device in 80 percent of the cases. In the case of the MacBook Pro (2018 version), logging in using the 3D-printed fingerprint was successful in 95 percent of cases, while the latest Samsung Galaxy S rejected the fingerprint in 20 percent of the attempts. A clear conclusion can therefore be drawn, according to the researchers:
“With such percentages, we can conclude that the chance of unlocking a tested device before it can only be opened with a PIN code is quite high. The results also show that fingerprints are sufficient to ensure the privacy of an average user if they lose their phone, but someone who becomes the target of a motivated attacker should not use the option”.
The research into the quality of fingerprint scanners took quite some time, according to the researchers because there were quite a few hurdles to take. Finding the right material to make the print from was a big one, as was getting the perfect mould into which the original had to come. An almost 1-to-1 ratio was necessary, as a deviation of only one percent already prevented a scanner from accepting the print.