Researchers from Huazhong University of Science and Technology in China and the University of Colorado Denver in the USA have uncovered a new attack method that compromises the security of fingerprint authentication systems. The attack, called PrintListener, leverages the friction sounds produced by fingers sliding across electronic device screens. This discovery raises significant concerns about the security of biometric authentication, which is widely used in everyday applications.
PrintListener exploits the friction sounds produced by fingers when users interact with their devices. By analyzing these sounds, attackers can infer fingerprint patterns, creating fake fingerprints that fool authentication systems. This method is particularly alarming due to its discretion and effectiveness, as it can be executed through online communication platforms without physical access to the victim's device.
The study by Man Zhou and his team demonstrates that PrintListener can capture fingerprint features through audio recordings obtained during voice or video calls or even through online gaming sessions. By combining these data with advanced prediction and synthesis algorithms, attackers can generate fingerprint sequences known as PatternMasterPrints, which have a high success rate in bypassing authentication systems.
The potential damage from PrintListener is significant. The leakage of fingerprints could lead to the theft of sensitive information, substantial economic losses, and threats to national security. The team's experimental results show that this attack can compromise up to 27.9% of partial fingerprints and 9.3% of complete fingerprints in attempts with high-security settings.
The research highlights the urgent need to develop additional security measures to protect biometric authentication. Possible defenses include reducing the audio sampling rate in communication applications and implementing noise filters to neutralize friction sounds. Additionally, users should be aware of the risks and avoid unnecessary finger swipes during voice or video calls.
In conclusion, PrintListener reveals a critical vulnerability in fingerprint authentication systems, underscoring the importance of advancing biometric security. As technology evolves, so must defense strategies to protect users' privacy and security.