It took just 10 minutes to fool the iPhone’s fingerprint sensor.
The team of cyber experts began by getting the phone user’s fingerprint from a piece of white paper.
They illuminated the print with black powder, then captured it with a high resolution camera.
That image was printed onto a transparent plastic sheet and covered in wood glue. Finally the glue film was peeled away to reveal a counterfeit print.
After 20 attempts, the fingerprint identity sensor had been fooled.
The team was not a band of hackers, but rather a group of researchers from the University of New South Wales (UNSW) in Canberra.
They’re investigating ways to make biometric authentication — such as fingerprint scanning — more secure.
“Once [hackers] capture your biometrics, they can basically go anywhere with it,” UNSW Professor of Cyber Security Jiankun Hu said.
“The risk is really high.”
Despite that risk, biometric authentication is considered more secure, reliable and convenient than passwords, keys or cards — and is predicted to become even more prevalent in the future.
“We’ll be doing more crazy things with [our fingerprints], starting our cars and using them even in retail situations,” said Chantel Tattoli, a freelance journalist who has been researching fingerprinting.
She believes the technology will have benefits for consumers.
“You’re not really going to forget your fingers, like you do your wallet and keys,” she said.
The life of a fingerprint
Tattoli became interested in fingerprints after giving hers to the FBI as part of a background check for a visa.
“How can this be, how can we have this geological-looking event at the tip of our fingers that is supposedly a container of our identity?” she wondered.
She learned fingerprints are formed partly from genetics, but are personalised when our hands touch our mother’s womb.
“It’s not totally understood — it’s a little bit magical, maybe,” she said.
While our fingerprints don’t change during our lifetimes, the ease in which they can be read and detected does.
“When you hit puberty they become oilier, and so the latent fingerprints start to last longer on surfaces,” Tattoli said.
Imagine a single fingerprint as a mountain range with valleys and peaks. The topmost edges of these tiny alps are called the epidermal ridges.
These ridges harden as we age, meaning they can become tougher for sensors to read.
“You see a lot of difficulty with senior citizens going through these [airport] biometric checkpoints … their fingerprints just don’t scan, and it’s not their fault,” Tattoli explained.
Grasping gorillas and crime-scene koalas
Humans are not the only animals with fingerprints. Gorillas and chimpanzees have their own unique prints, as do koalas.
“Scientists think that it happened because like primates, koalas do grasp,” Tattoli said.
“That grasping mechanism apparently had something to do with the evolutionary selection for ridged paws.”
In her research, she came across media reports of koala prints fooling Australian crime scene investigators.
However, a NSW fingerprint expert told her the reports had been exaggerated.
“Anybody who is really a specialist in fingerprints can read the difference,” Tattoli said.
Dusting for prints
Fingerprints were used in China to identify criminals as far back as Qin Dynasty in the third-century B.C.E, but their use in Western law enforcement has a much shorter history.
British Indian Civil Service officer William James Herschel used fingerprints on contracts in the 1850s. (Supplied: Wikimedia Commons)
In the 1800s, Scottish physician Henry Faulds wrote an article for the science journal Nature in which he noted that fingerprints could be used for forensic purposes.
Faulds wrote to Charles Darwin for help with his work. Unwell, Darwin passed the request onto his relative, noted polymath Francis Galton.
“We know him mostly for the phrase ‘nature vs nurture’,” Tattoli said.
Galton collected more than 8,000 prints and developed a system for naming and classifying them.
In 1920s USA, FBI director J. Edgar Hoover ordered the compilation of a national pool of fingerprints, which quickly grew to a database of more than 5 million records.
But with no reliable way to index fingerprints, finding matches could take months.
“It wasn’t until the ’70s and early computer-based systems that the response time became quick enough to prove really helpful,” Tattoli said.
As technology has evolved, the use of fingerprint identification has expanded to areas such as airport checkpoints, computers and phones. Face, voice and iris scans have also become more prevalent.
Without a trace
But Professor Hu warned that if biometrics is the way of the future, then security needs to be strengthened.
If a hacker wants to infiltrate a biometric system, they just have to steal a sample.
Fingerprints, faces and eyes are vulnerable because they can be seen and traced by adversaries.
Professor Hu said systems should require multiple traits, like fingers, voice and face, to make identification more accurate and secure.
Another solution is using traits that are untraceable like a finger vein, which can only be detected with infrared lights.
“Unlike a face or finger that can’t be traced, a finger vein is not visible and is incapable of leaving traces,” Professor Hu said.
He believes a system that also detects a finger’s temperature would stop many artificial prints.
The future of fingerprinting
For many consumers, allowing a bank or phone company to store their biometrics wouldn’t sit well.
“This could be a privacy concern as the storage server in the bank could be hacked,” Professor Hu said.
Fingerprint, face and voice identification systems are expected to become more prevalent in the future. (Getty: andresr)
The cyber security expert said to prevent this a bank or smartphone, for example, could store a transformed image of your fingerprint, not the raw version.
“We massage it and make a different one. And if it has been compromised, the hacker can’t access your raw image or fingerprint.”
That would also mean that the template could be replaced if compromised.
“This works as a revocable password,” Professor Hu said.
But there could be uses for fingerprints that go beyond proving your identity.
Tattoli said there is research into using fingerprints to identify diseases a person may be susceptible to.
“There is a correlation between the patterns and your likelihood to contract certain conditions — everything from gastrointestinal cancer, to schizophrenia, to infertility,” she said.
“What that means is there might be this additional tool for early diagnosis.
“Our identity is mapped on our fingerprints, but also maybe our fate — and also the possibility to do something about it.”