“Finger-swiping friction sounds can be captured by attackers online with a high possibility” - New research shows your fingerprints can be digitally recreated just from the sounds they make

Keep your fingers to yourself

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

New research has found that your fingerprints can be recreated just from the sounds they make on a touchscreen, and then used to attack biometric security measures.

While this sounds like something straight out of the plot of a budget spy film, thefindings(PDF) from team of researchers from the US and China found that by using this technique, they were able to crack “up to 27.9% of partial fingerprints and 9.3% of complete fingerprints within five attempts at the highest security FAR [False Acceptance Rate] setting of 0.01%.”

The technique utilizes a side-channel attack called PrintListener to match an individual’s fingerprint to a MasterPrint or DeepMasterPrint dictionary to fool the Automatic Fingerprint Identification System (AFIS) into detecting a legitimate and authorized fingerprint.

Finger friction is now a security risk

The team of researchers tested their PrintListener technique “in real-world scenarios” that resulted in successful attacks using both partial and complete fingerprints, significantly outpacing the success rates of MasterPrint dictionary attacks.

As you would expect, the sophistication of the PrintListener algorithms is immense with a highly complex workflow required to generate a fingerprint from isolated friction sounds that are muddled in the background noise of a Discord or FaceTime call.

Physiological and behavioral factors then have to be taken into account as they can influence the sound a finger makes on a screen, which the researchers addressed by using a technique known as minimum redundancy maximum relevance (mRMR) alongside an adaptive weighting strategy.

These techniques identify the features of the left loop, right loop, and the whorl of a fingerprint from the frictional sound characteristics which can then be used to generate synthetic fingerprints. In one in four attacks, the PrintListener technique was able to successfully attack AFIS using partial fingerprints, and in almost one in ten cases using complete fingerprints.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

There have been significant concerns about threat-actors using photographs of individuals' hands to bypass biometric identification measures, with some people exercising extra care when having their pictures taken.

ViaTom’s Hardware

More from TechRadar Pro

Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division),  then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.

New fanless cooling technology enhances energy efficiency for AI workloads by achieving a 90% reduction in cooling power consumption

Samsung plans record-breaking 400-layer NAND chip that could be key to breaking 200TB barrier for ultra large capacity AI hyperscaler SSDs

NYT Strands today — hints, answers and spangram for Sunday, November 10 (game #252)