21 February 2024

PrintListener attack can recreate fingerprints from touchscreen sounds



Recent research has uncovered a weakness in biometric security systems, which can be abused to recreate fingerprints solely from the sounds they make on touchscreen devices.

Devised by researchers in the United States and China, the new technique, called ‘PrintListener’, has proven effective at cracking biometric security measures, achieving success rates of up to 27.9% for partial fingerprints and 9.3% for complete fingerprints within just five attempts.

PrintListener is a side-channel attack designed to exploit the inadvertent capture of friction sounds produced during routine touchscreen interactions. By leveraging advanced algorithms for signal processing, PrintListener can extract precise fingerprint patterns from these captured sounds, effectively bypassing biometric security measures reliant on fingerprint authentication.

PrintListener is able to operate covertly, utilizing sounds captured during everyday activities such as voice or video chats. This provides attackers with a stealthy means of harvesting fingerprint data without arousing suspicion, paving the way for sophisticated dictionary attacks against biometric authentication systems.

“The attack scenario of PrintListener is extensive and covert. It only needs to record users’ fingertip friction sound and can be launched by leveraging a large number of social media platforms,” the researchers explained.

Last December, security researchers with Jamf Threat Labs shared details of a new post-exploitation tampering technique that allows attackers to carry out covert attacks while fooling iPhone users into believing that their device is running in Lockdown Mode when it's not.

