Finger Friction Sound // new attack on biometric security
Here is a summary of the key points:
- Researchers from China and the U.S. have outlined a new side-channel attack called “PrintListener” that can extract fingerprint patterns from the sound of a finger swiping on a touchscreen.
- The attack targets the Automatic Fingerprint Identification System (AFIS) used for biometric fingerprint authentication. By analyzing the friction sounds when swiping, PrintListener can uncover up to 27.9% of partial fingerprints and 9.3% of full fingerprints within 5 attempts at the highest security setting.
- As fingerprint authentication becomes more widespread, attackers are seeking new ways to obtain fingerprint data beyond just lifted prints or hand photos.
- PrintListener exploits sounds inadvertently captured during voice/video chats when users swipe screens, providing a new side-channel for fingerprint theft.
- The researchers overcame challenges like faint friction sounds, separating finger patterns from user physiology/behavior, and advancing from primary to secondary fingerprint features.
- Extensive real-world testing showed PrintListener can successfully aid dictionary attacks against fingerprint authentication far better than unaided attempts.
It outlines a novel acoustic side-channel attack that poses a new threat to the security of ubiquitous fingerprint authentication systems.
