05.05.2022 13:30

How Hackers are Using Malware to Steal Fingerprints and Sensitive Data

News image


From the past couple of years, the usage and complexity of malware have become slightly inclined, somewhere technology specialists and investigators have managed to remain ahead. So far that’s all. 

According to Symantec’s experts, in the next two years, the improvements in malware development will greatly outweigh the previous changes, painting a boring picture when you remember how much longer it takes to release operating systems and browsers. 

Are the technologies and advancements behind malware evolving that rapidly? Are the security solutions reliable enough that it can fight against malware?

The answer to this is, no one really knows.

Presently, as you investigate any of the current developments in the field of computer systems, the situation appears intimidating, such that malware can very well hit a point when cyber protection no longer holds up. 

Malware is incredibly competitive. Every malware is battling to infect the greatest percentage of the Internet with malware writers fighting each other.

How Hackers Steal Fingerprints

There obviously exists numerous methods to steal fingerprints.

In this blog, we will discuss only the three most used methods used by hackers to demolish customer’s identities and steal sensitive data associated with fingerprints. 

Method #1: Mold the Targeted Fingerprint

A molded fingerprint may be taken while the victim is, say, oblivious or unconscious. Reasonable material is any soft setting; e.g. clay modeling. 

An intruder will then use the mold in order to create a fake fingertip. The apparent challenge is that the assailant has to be physically available and in an acceptable state.

Method #2: Get Hold of the Fingerprint Taken With a Scanner

Another way is to catch a scanner’s fingerprint. This approach is more complex scientifically, but the positive news for minor fraud is that it is not stored confidently by all organizations that maintain biometric data. So online scanned fingerprints can’t be identified or bought on the darknet cheaply. 

The flat picture would then become a 3D model to be printed on a 3D printer. Firstly, they were not able to identify their dimension in the software in which the researchers produced the drawing. Second, it was important to heat the photopolymer used in the budget 3D printer after printing, which changed model size. 

Thirdly, if researchers were eventually able to create a viable model, the polymer from which they were produced turned out to be too rough, not fooling a single scanner. 

The researchers choose to print a cast, instead of a finger model and then make a prosthetic finger from a more elastic fiber.

Method #3: Capturing the Photo of the Fingerprint on a Glass Surface

The other and the easiest way to steal a fingerprint to take a photo of the desired fingerprint on a glass surface. This is exactly what happened with the iPhone 6 fingerprint scanner. 

The image is processed to achieve the requisite transparency and then goes to a 3D printer, as before. 

The experiments with 3D printing were long and boring, as the researchers pointed out. The printing system was calibrated and the right size mold was found by test and error, with a total print time of 50 per model. 

Therefore it is not possible to easily do a false fingerprint to unlock a stolen Smartphone, nor is it a super quick way to copy the fingerprint of a sleeping victim.

Half the fight is to make a mold to the fingerprint. Material selection for the model itself was even more difficult since the fake was checked on three sensor forms, each using a separate fingerprint reading system. 

For example, it is meaningless for ultrasonic and optical sensors, but not the capacitive kind, whether a substance will conduct current. 

However, this aspect of the method can be obtained by anyone: inexpensive fabric glue is the perfect material for imitation printing.

Which Devices Were Unlocked Using Fake Fingerprints

The researchers tested their fake samples on a number of smartphones, tablets, and laptops from different manufacturers, as well as on a smart lock and two USB drives protected with a fingerprint sensor: the Verbatim Fingerprint Secure and the Lexar Jumpdrive Fingerprint F35. 

At the least successful end of the spectrum, the 3D-printed molds were not quite different; in fact, all three approaches mentioned above perform well.

Exceptions have been developed. In fact, the Samsung A70 smartphone could not be split by the testing team — even though it is worth remembering that the A70 is still most likely to not know its real user. 

Unlike the manufacturer, computers running Windows 10 were also non permeable. This extraordinary stability is due by the researchers to the fact that the operating system itself fits the fingerprint not much of the software maker. 

In the meantime, the safe flash drives proved deserving of the tag, even though our colleagues caution them that they too can be more advanced. 

And then, ultrasound fingerprint scanners were the simplest thing to deceive. They read false prints as authentic beyond their ability to interpret a 3D image by pushing a real finger on the sensor.

How Secure Are Your Fingerprint Sensors

The head of the team of X-Lab Chen Yu requested that random people touch a bottle. The left fingerprints were then taken with a smartphone and transferred into an app created by hackers. 

The software is expected to extract the data needed to clone a fingerprint using a 3D Printer, but the exact technique has not been seen.

It was not shown to the audience for security reasons the physical aspect of the cloning, but the fingerprints produced by the operation were used in order to release three separate smartphones recorded for the audience. 

The three most important innovations used in the mobile phone industry are the three separate fingerprint scanning technologies: capacitive, optical, and echo. 

The three of them were defeated and it took just 20 minutes to take pictures of the fingerprint and decrypt this unit.

Beware of Uncertain

While the future of malware is unclear, the risks are certainly present and increasingly popular. There exist many other biometric authentication services such as facial recognition which are much better and secure as compared to fingerprints that businesses need to adapt to prevent fraud. 

However, the good news is that much of our attempts to defend ourselves can benefit to a certain extent. Firewalls, anti-virus, and anti-spyware programs, identity theft solutions are all excellent ways to keep us from these new malware deployments but will this be enough?

Thank you!
Join us on social networks!
See you!