Recent research has uncovered a weakness in biometric security systems, which can be abused to recreate fingerprints solely from the sounds they make on touchscreen devices.
Devised by a collaborative effort between researchers in the United States and China, the new technique called ‘PrintListener,’ has demonstrated efficacy in cracking biometric security measures, achieving success rates of up to 27.9% for partial fingerprints and 9.3% for complete fingerprints within just five attempts.
PrintListener is a side-channel attack designed to exploit the inadvertent capture of friction sounds produced during routine touchscreen interactions. By leveraging advanced algorithms for signal processing, PrintListener can extract precise fingerprint patterns from these captured sounds, effectively bypassing biometric security measures reliant on fingerprint authentication.
PrintListener is able to operate covertly, utilizing sounds captured during everyday activities such as voice or video chats. This provides attackers with a stealthy means of harvesting fingerprint data without arousing suspicion, paving the way for sophisticated dictionary attacks against biometric authentication systems.
“The attack scenario of PrintListener is extensive and covert. It only needs to record users’ fingertip friction sound and can be launched by leveraging a large number of social media platforms,” the researchers explained.
Last December, security researchers with Jamf Threat Labs shared details of a new post-exploitation tampering technique that allows to carry out covert attacks while fooling iPhone users into believing that their device is running in Lockdown Mode when it's not.