https://www.tomshardware.com/tech-industry/cyber-security/your-fingerprints-can-be-recreated-from-the-sounds-made-when-you-swipe-on-a-touchscreen-researchers-new-side-channel-attack-can-reproduce-partial-fingerprints-to-enable-attacks Skip to main content (*) ( ) Open menu Close menu Tom's Hardware [ ] Search Search Tom's Hardware [ ] RSS US Edition flag of US flag of UK UK flag of US US flag of Australia Australia flag of Canada Canada * * Reviews * Best Picks * Raspberry Pi * CPUs * GPUs * Coupons * Newsletter * More + News + PC Components + SSDs + Motherboards + PC Building + Monitors + Laptops + Desktops + Cooling + Cases + RAM + Power Supplies + 3D Printers + Peripherals + Overclocking + About Us Forums Trending * AMD Ryzen 7 8700G * Nvidia RTX 4080 Super * Intel 14th-Gen Raptor Lake * PCIe 5.0 SSDs When you purchase through links on our site, we may earn an affiliate commission. Here's how it works. 1. Tech Industry 2. Cyber Security Your fingerprints can be recreated from the sounds made when you swipe on a touchscreen -- Chinese and US researchers show new side channel can reproduce fingerprints to enable attacks News By Mark Tyson published 19 February 2024 Researchers claim they can successfully attack up to 27.9% of partial fingerprints. * * * * * * * Comments (8) Fingerprint security (Image credit: Pexels) An interesting new attack on biometric security has been outlined by a group of researchers from China and the US. PrintListener: Uncovering the Vulnerability of Fingerprint Authentication via the Finger Friction Sound [PDF] proposes a side-channel attack on the sophisticated Automatic Fingerprint Identification System (AFIS). The attack leverages the sound characteristics of a user's finger swiping on a touchscreen to extract fingerprint pattern features. Following tests, the researchers assert that they can successfully attack "up to 27.9% of partial fingerprints and 9.3% of complete fingerprints within five attempts at the highest security FAR [False Acceptance Rate] setting of 0.01%." This is claimed to be the first work that leverages swiping sounds to infer fingerprint information. Biometric fingerprint security is widespread and widely trusted. If things continue as they are, it is thought that the fingerprint authentication market will be worth nearly $100 billion by 2032. However, organizations and people have become increasingly aware that attackers might want to steal their fingerprints, so some have started to be careful about keeping their fingerprints out of sight, and become sensitive to photos showing their hand details. Without contact prints or finger detail photos, how can an attacker hope to get any fingerprint data to enhance MasterPrint and DeepMasterPrint dictionary attack results on user fingerprints? One answer is as follows: the PrintListener paper says that "finger-swiping friction sounds can be captured by attackers online with a high possibility." The source of the finger-swiping sounds can be popular apps like Discord, Skype, WeChat, FaceTime, etc. Any chatty app where users carelessly perform swiping actions on the screen while the device mic is live. Hence the side-channel attack name - PrintListener. There is some complicated science behind the inner workings of PrintListener, but if you have read the above, you will already have a good idea about what the researchers did to refine their AFIS attacks. However, three major challenges were overcome to get PrintListener to where it is today: * Faint sounds of finger friction: a friction sound event localization algorithm based on spectral analysis was developed. * Separating finger pattern influences on the sound from a users' physiological and behavioral features. To address this the researchers used both minimum redundancy maximum relevance (mRMR) and an adaptive weighting strategy * Advancing from the inferring of primary to secondary fingerprint features using a statistical analysis of the intercorrelations between these features and design a heuristic search algorithm Image 1 of 2 PrintListener (Image credit: Huazhong University, Wuhan University, Tsinghua University, University of Colorado Denver) PrintListener (Image credit: Huazhong University, Wuhan University, Tsinghua University, University of Colorado Denver) To prove the theory, the scientists practically developed their attack research as PrintListener. In brief, PrintListener uses a series of algorithms for pre-processing the raw audio signals which are then used to generate targeted synthetics for PatternMasterPrint (the MasterPrint generated by fingerprints with a specific pattern). Importantly, PrintListener went through extensive experiments "in real-world scenarios," and, as mentioned in the intro, can facilitate successful partial fingerprint attacks in better than one in four cases, and complete fingerprint attacks in nearly one in ten cases. These results far exceed unaided MasterPrint fingerprint dictionary attacks. Stay on the Cutting Edge Join the experts who read Tom's Hardware for the inside track on enthusiast PC tech news -- and have for over 25 years. We'll send breaking news and in-depth reviews of CPUs, GPUs, AI, maker hardware and more straight to your inbox. [ ][ ]Contact me with news and offers from other Future brands[ ]Receive email from us on behalf of our trusted partners or sponsors[Sign me up] By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over. Mark Tyson Mark Tyson Social Links Navigation Freelance News Writer Mark Tyson is a Freelance News Writer at Tom's Hardware US. He enjoys covering the full breadth of PC tech; from business and semiconductor design to products approaching the edge of reason. More about cyber security Router Russian military botnet discovered on 1000+ compromised routers -- FBI deactivated Moobot by taking control of impacted routers Example of the data an attacker is able to access, left behind in a GPU's VRAM Graphics card flaw enables data theft in AMD, Apple, and Qualcomm chips by exploiting GPU memory Latest Samsung Arm, Samsung working together on next-gen 2nm chips -- will co-optimize Cortex-A and Cortex-X cores for gate-all-around transistors See more latest > See all comments (8) [ ] 8 Comments Comment from the forums * TechLurker Reads very much like a spy thriller, where they figure out how to duplicate fingerprints to get past a security system. I'm not surprised. That said, I wonder if this only works on smooth screens, since cracked glass/plastic screens and screen protectors would definitely alter the sound, and the fact that more phone users nowadays don't bother with a protector given steady improvements to screen glass durability. Reply * Notton I can't even unlock my own phone when my hands are dry/moist compared to when I enabled the finger print reader. Reply * COBANNVS If they go through all that trouble get my fingerprints, they can just have it Reply * Blackink Notton said: I can't even unlock my own phone when my hands are dry/moist compared to when I enabled the finger print reader. You could use this software then!! Reply * umeng2002_2 Biometrics are not safe, just convenient. They also aren't protected by the 5th Amendment. Passwords are. Reply * PEnns On a similar subject: Many people, and I'd say 100% of hackers and their researcher friends assume that you can unlock a facial recognition phone easily (say, by knocking out the victims and pointing the phone at their faces) Except: Some phones (The IPhone for example) requires Attention for Face ID, See picture below. And furthermore, they expect the person to have their "regular" face on when unlocking the device. This can be easily made almost impossible, if phone owner uses a specific face, a really frowning face for example! Feel free try it. Reply * palladin9479 umeng2002_2 said: Biometrics are not safe, just convenient. They also aren't protected by the 5th Amendment. Passwords are. Yep, biometrics are quite easy to bypass by an active attacker, they really only thwart passive opportunistic attacks like someone's friend, coworker or significant other trying to snoop around an unattended phone. At this point just assume your phone is already 100% compromised and anything on there is available for the entire internet to see. Privacy is important, it's one of those things that once you give it up, you can never get it back. Reply * geof2001 Makes me think those bio metric readers that are like sticking your hand in goo that read your whole hand might not be such a far off scifi method of security. Reply * View All 8 Comments Show more comments Most Popular [missing-im]Elon Musk reminisces about the time Jensen Huang donated a DGX-1 to OpenAI, shares photo gallery By Mark TysonFebruary 20, 2024 [missing-im]Not all RTX 40-series Super GPUs use the new 12V-2x6 connector -- new images of 16-pin "H++" power connector emerge By Aaron KlotzFebruary 20, 2024 [missing-im]Crucial takes aim for the sweet spot with DDR5 Pro Memory Overclocking Edition running at DDR5-6000 By Zhiye LiuFebruary 20, 2024 [missing-im]Scammer gets creative and ships women's shoes instead of Nvidia RTX 3060 Ti By Zhiye LiuFebruary 20, 2024 [missing-im]Dutch government minister talks about China's military advantage -- May point to stricter sanctions in the future By Anton ShilovFebruary 20, 2024 [missing-im]GlobalFoundries gets 1.5 billion from CHIPS fund, $600 million from NY state By Anton ShilovFebruary 19, 2024 [missing-im]Wyze security failure let 13,000 customers see into other users' homes By Ash HillFebruary 19, 2024 [missing-im]Following reports indicating a Q1 2025 Nintendo Switch 2 release, Nintendo's JP stock drops by over 5 percent By Christopher HarperFebruary 19, 2024 [missing-im]Show off your CPU and M.2 SSDs to your friends with these $15 stands By Zhiye LiuFebruary 19, 2024 [missing-im]Your fingerprints can be recreated from the sounds made when you swipe on a touchscreen -- Chinese and US researchers show new side channel can reproduce fingerprints to enable attacks By Mark TysonFebruary 19, 2024 [missing-im]Reddit reportedly selling its users' content to an AI company for $60 million per year By Christopher HarperFebruary 19, 2024 Tom's Hardware is part of Future US Inc, an international media group and leading digital publisher. Visit our corporate site. * Terms and conditions * Contact Future's experts * Privacy policy * Cookies policy * Accessibility Statement * Advertise * About us * Coupons * Careers (c) Future US, Inc. Full 7th Floor, 130 West 42nd Street, New York, NY 10036.