Your Noisy Fingerprints Vulnerable To New Side-Channel Attack

Here’s a warning we never thought we’d have to give: when you’re in an audio or video call on your phone, avoid the temptation to doomscroll or use an app that requires a lot of swiping. Doing so just might save you from getting your identity stolen through the most improbable vector imaginable — by listening to the sound your fingerprints make on the phone’s screen (PDF).

Now, we love a good side-channel attack as much as anyone, and we’ve covered a lot of them over the years. But things like exfiltrating data by blinking hard drive lights or turning GPUs into radio transmitters always seemed a little too far-fetched to be the basis of a field-practical exploit. PrintListener, as [Man Zhou] et al dub their experimental system, seems much more feasible, even if it requires a ton of complex math and some AI help. At the heart of the attack are the nearly imperceptible sounds caused by friction between a user’s fingerprints and the glass screen on the phone. These sounds are recorded along with whatever else is going on at the time, such as a video conference or an online gaming session. The recordings are preprocessed to remove background noise and subjected to spectral analysis, which is sensitive enough to detect the whorls, loops, and arches of the unsuspecting user’s finger.

Once fingerprint patterns have been extracted, they’re used to synthesize a set of five similar fingerprints using MasterPrint, a generative adversarial network (GAN). MasterPrint can generate fingerprints that can unlock phones all by itself, but seeding the process with patterns from a specific user increases the odds of success. The researchers claim they can defeat Automatic Fingerprint Identification System (AFIS) readers between 9% and 30% of the time using PrintListener — not fabulous performance, but still pretty scary given how new this is.

28 thoughts on “Your Noisy Fingerprints Vulnerable To New Side-Channel Attack”

  1. “not fabulous performance, but still pretty scary given how new this is”
    A major pitfall in every new technology is assuming that its progress continues at the same rate. Ignoring the fact that everything has its limitations. But to be honest, even the 9% success rate is way beyond what I’ve expected. We live in fascinating times.

    1. Indeed, though in this case I highly doubt the limit has been reached yet, so scary and interesting it is. Though with this study being on a very specific phone and screen cover, much like Morse code from the HDD lights, it doesn’t seem likely to be practical for a while anyway – all those screen materials, phone structures, screen protectors, microphone quality details are going to have an influence on the results in the real world.

      So scary, but not quite scary enough to get the concept of ‘biometric security’ relegated as it should have been long long ago to an at best extra verification factor or ‘key’ for such low security locations that its job is more logging when x,y,z clock in and out of the building for human resources type reasons than it is keeping a location secure. You just can’t prevent a bad actor with some determination from getting enough of your biometric details to fool a sensor.

      Personally not at all worried by this as fingerprints only work when your fingers are not forever getting cuts, nicks, mild burns, glue, splinters etc

  2. I have a hard time believing this. Most of my calls are so poor in audio quality that I have a hard time following the conversation. Yet apparently the call quality could be high enough to discern the minute differences caused by the loops and swirls of my fingerprint touching the screen?

    1. Across many interactions with the screen you can build up a picture in theory cutting through the noise, as noise is random where your finger should remain consistent. While the call itself can be too full of ambient noise, clipping etc. that you can’t understand it, the finger swiping signal, if it is there at all, ought to be findable in a large enough dataset. Much the same way as when they then repeat themselves for the nth time….

      Though actually correctly picking out the swiping across a screen just from the audio without knowing for sure the user is swiping at all would be a challenge and if that user is using a headset or other external microphone I expect the modeling would fall apart entirely (seems from a skim that part of picking out the finger swipe data is the difference between direct sound conduction in the device and its through the air transmission). The paper has that easy as they know the swiping sound is definitely in the data and the screen surface etc. So I’d not be shocked to find that same data processing creates lots of false positives that look and sound enough like finger swiping but are not when applied to an unknown audio feed.

    2. Reading the paper they are very cagey about this, but digging through everything they relied on recording at 44.1kHz (CD quality audio) and adding a matte screen protector. Most of the data they depend on would be removed as soon as the audio went through typical conference compression.

  3. Well. I don’t know about this one, but you should clean your fingerprint sensor often.
    I’ve successfully unlocked 2 friends’ devices in the past because their fingerprints were visible on the sensor, due to hand oils and such. I simply put my finger lightly over it, and the sensor detected there was a finger and their fingerprints. I don’t know if this is currently still replicable with the sonar under-display sensors, and it was hard to replicate even back then, but it was possible.

  4. I’m not believing this. Not only does it make no sense that the incredibly tiny signal of your finger on the screen could be captured in a regular audio call, but even with a dedicated microphone right next to my finger I doubt that the pattern of my whole fingerprint could be captured. After all, only a tiny fraction of the finger is used while doomscrolling. I’m going to wait for an actual exploit.

    1. You don’t need the whole pattern to fool a sensor though – it just needs enough of a match to some subsection of your entire fingerprint that the sensor decides it is close enough to your stored fingerprint… And exactly how fussy the sensor is isn’t consistent, but one thing is certain: it must accept some degree of variation, as nobody’s fingers remain perfectly clean, without scuffs, cuts etc., pushed and rolled around on the sensor sufficiently to remain exactly the same amount deformed by the pressure etc.

      I agree this does seem rather nutty so I am a little dubious until more folks repeat the experiment, but at the same time so many other tiny signals you would think would be impossible to use have been amplified and filtered successfully it is plausible enough.

    1. Nothing, it’s BS. They are measuring how bad the fingerprint algo is at rejecting random noise as an input, which apparently almost one in ten times it lets it through. They are not modelling an accurate image of your fingerprint through audio of you rubbing glass, this is standard AI chicanery.

      1. >They are measuring how bad the fingerprint algo is at rejecting random noise
        This. My last 3 phones with fingerprint sensor could all be reliably unlocked by trying to dry the sensor on jeans in light rain.

  5. Isn’t fingerprint or face unlock (or really any biometric unlock) considered “unsafe” against a determined attacker? Finding one more way to break it doesn’t seem to be a big deal.

    (It still has lots of uses, and covers 99% of the average person’s needs.)

  6. “The researchers claim they can defeat Automatic Fingerprint Identification System (AFIS) readers between 9% and 30% of the time using PrintListener — not fabulous performance, but still pretty scary given how new this is.”

    With some devices I find it difficult to get in with a real fingerprint that often. :D

  7. Oh man… I call shenanigans. They talk about the sampling rate of the recording, but does their attack have access to this? There’s absolutely no way the signal they want could survive the compression it would be subject to before heading out on the internet. Also I’m pretty sure the “matte screen protector” mentioned is critical to this.
