Vkansee, a China-based fingerprint sensor company, has been demonstrating just how easy it is to spoof standard fingerprint readers like those used in the iPhone’s Touch ID system at this year’s Mobile World Congress. At its MWC booth, Vkansee representatives used a plasticine substance to collect fingerprint imprints, and then used them to unlock smartphones.
Of course, a mould first had to be made of the subject’s fingerprint using a special hardening gel, so that the plasticine could be shaped into a likeness of the subject’s finger. It’s a more complicated process than most fraudsters would probably be able to accomplish; but as Vkansee President Jason Chaikin explained to a BBC reporter, “as people begin to use phones for making mobile payments, maybe the level of benefit for creating some sort of fake fingerprint increases.”
Indeed, numerous security experts have expressed concern about biometric data hacking as mobile devices are increasingly being used to transmit sensitive data such as credit card information; moreover, the iPhones’ Touch ID sensors, while impressive, have long been known to have spoofing vulnerabilities. That’s why many companies are now turning to multimodal authentication, which offers a powerful counterbalance against the spoofing threat.
Or, as Vkansee suggests, they could just make their fingerprint scanners more powerful. Chaikin asserts that Vkansee’s sensors pick up “microfeatures of the fingerprint”, making it “very hard to make a fake fingerprint mould”. It’s a straightforward proposition, and with other companies working on sensors that can produce ultrasonic fingerprint scans, Vkansee isn’t the only company looking to thwart spoofers with advanced imaging technology.
Source: BBC News
February 24, 2016 – by Alex Perala