Apple’s iPhones and Samsung’s Galaxy phones are penetrated by so-called ‘Fake Fingerprints’ that are made by forging fingerprints. Although ApplePay and SamsungPay have been using fingerprint authentication method, they need an alternative since there isn’t a way to catch fake fingerprints.
Etnews and Real Identity have performed ‘Fake Fingerprints’ testing on the 17th. They had made fake fingerprints and attempted them for personal authentication and payment approvals on iPhone 6S, iPhone 6S Plus, and Samsung’s Smartphones. After the testing was over, they found out that fingerprint authentication could not catch fake fingerprints regardless of type of Smartphones. This indicates that payments on Smartphones can be made by fingerprints that are made with silicon.
Fake fingerprints were not caught because fingerprint sensors that are built in Smartphones extract 2D images and only compare them to real fingerprints.
Method of extracting fake fingerprints was also very easy. They can be made within an hour with just an adhesive for woodwork and thermo-silicon. Thermo-silicon is first put over a person’s fingerprint. Then cast for fingerprint is made and it solidifies clearly after certain amount of time if an adhesive is applied on its surface. Fingerprint that is identical to an actual fingerprint can be separated and obtained.
Fingerprint authentication is seen as one of the methods of biometrics. However if there are incidences where fingerprints are duplicated, situation will become very bad and it will be very hard to restore it to original state.
Currently there are optical-method, static-method, and ultrasonic wave-method in fingerprint authentication. Although these methods’ technologies are little bit different from each other, they all use 2D images of patterns that are made up of ridges and valleys and located on outer layers of skin of fingers. Smartphone manufacturers have chosen one of these 3 methods, and currently there aren’t technologies that can determine whether fingerprints are real or not.
Bigger problem is that Apple’s iPhones and Samsung’s Smartphones perform mobile payments by linking fingerprints with ApplePay and SamsungPay respectively. Although there aren’t any incidences where mobile payments were abused by silicon-made fingerprints, an impact will be great if there are crimes that involve silicon-made fingerprints. Because especially many financial companies are trying to introduce non-face-to-face authentication method, possibility of financial crimes that abuse such method is very high.
“Fake fingerprints are already involved in illicit transactions in foreign countries, and there are incidences where ApplePay is being abused.” said CEO Lee Seom-kyu of Real Identity.
Even in South Korea, incidences where fingerprints are being forged are happening one after the other. While government workers were caught using silicon-made fingers to receive extra pay illegally for working night shifts, fake fingerprint was also used in a real estate scam that was worth about $4.08 million (5 billion KRW). There are also incidences where people pass through immigration checkpoints by using fake fingerprints that are made with adhesives.
Security experts are pointing out that fingerprint authentication needs to also check 2nd biometric information such as blood flow, sweat and others that fingerprints have.
Because current biometric sensor uses a method of comparing characteristic, which is extracted from information of 2D and 3D images, to database, duplication can be easily done if information of an image is obtained.
Because application area of fingerprints is expanding towards service methods such as FinTech, IoT, wearable devices, Smart Medical Service that are converged with IT, alternatives regarding fake fingerprints need to be set up urgently.
Staff Reporter Gil, Jaeshik | firstname.lastname@example.org