
Creating a fake finger (spoofing the fingerprint)

To open up a smartphone secured with a fingerprint, the attacker will first need to find a high-quality print that contains a sufficient amount of specific patterns to open up the device.

Next, an attacker will lift the fingerprint, place it on a plastic laminate, and then cast a finger to fit this mold.

Once the malicious hacker creates the fake finger, all he has to do is place it on the scanner, press with his finger to conduct electricity, and then use the unlocked phone.

Tricking an iris scanner

For iris scanners, all it takes is to take a photo with a cheap camera in night mode, print the iris on paper, and then add a wet contact lens to mimic the roundness of the human eye, and that’s it.

Hacking the biometric sensor and stealing the data

Another, more insidious method of obtaining the fingerprint data of a phone, and unlocking it, is to directly hack the part of the phone responsible for storing the information.

For iOS devices, this means breaking into the Secure Enclave. Technically, this is possible, but it is far beyond the scope of your average, day-to-day cyber criminal. The few confirmed hacks have been carried out by Cellebrite.

Still, the software and expertise might reach the mass market and fall into the hands of script kiddies.

In the case of Android devices, researchers have proven it is possible to trick the Qualcomm-provided Trusted Execution Environment by loading a customized app, which then runs a privilege escalation until it obtains greater access to the TEE.

Fortunately for us users, a cybercriminal would need considerable expertise to hack your phone in such a way.

How to prevent hackers from getting your fingerprint

A fingerprint lock is useless if somebody steals your smartphone, and then simply lifts the print off the device.

Here are a few simple tips to help minimize the number of prints that are on your phone:

  • Dress your phone with a fingerprint-resistant or oleophobic cover and screen protector.

  • Use a finger other than your index or thumb.

  • If convenience is not your primary concern, use both the fingerprint and the password/PIN lock. This is especially useful for sensitive business smartphones and laptops.

  • If your laptop or other device supports it, use a fingerprint randomizer. In short, you register 2-3 fingerprints, and the lock screen will ask you to provide a different finger each time you log in.
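
A sketch of the fingerprint randomizer from the last tip, added here as an illustration and not taken from any vendor's lock screen. The class, the function and the `matched` label (standing in for whatever the sensor's matcher reports) are hypothetical names; the probability helper uses a simplified model in which every draw is uniform over the enrolled fingers.

```python
import secrets
from fractions import Fraction


class FingerChallenge:
    """Lock-screen policy sketch: ask for one randomly chosen enrolled finger.

    Hypothetical class; `matched` is the finger label the sensor's matcher
    reports (None when nothing matched).
    """

    def __init__(self, enrolled, max_failures=3):
        if len(set(enrolled)) < 2:
            raise ValueError("randomizing needs at least two enrolled fingers")
        self.enrolled = list(dict.fromkeys(enrolled))
        self.max_failures = max_failures
        self.failures = 0
        self.last = None      # finger used for the previous successful unlock
        self.current = None   # finger currently being asked for

    @property
    def locked(self):
        return self.failures >= self.max_failures

    def challenge(self):
        # Keep the same challenge until it is satisfied: re-drawing after a
        # failure would let one copied print wait for "its" finger to come up.
        if self.current is None:
            pool = [f for f in self.enrolled if f != self.last]
            self.current = secrets.choice(pool)  # CSPRNG, not random.choice
        return self.current

    def attempt(self, matched):
        if self.locked:
            return False      # biometric disabled; fall back to password/PIN
        if matched == self.challenge():
            self.last, self.current, self.failures = matched, None, 0
            return True
        self.failures += 1
        return False


def spoof_success(n, max_failures, redraw_on_failure):
    """Chance that a single copied print unlocks the device before lockout."""
    miss = Fraction(n - 1, n)
    if redraw_on_failure:
        return 1 - miss ** max_failures
    return Fraction(1, n)
```

With three enrolled fingers and a three-failure lockout, holding the challenge fixed leaves a single lifted print a 1/3 chance, while re-drawing after every failure raises it to 19/27.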
