Researchers who attempted to unlock a murder victim's phone using a 3D-printed replica of one of his fingers were forced to use an alternative method last week, after the models produced were found not to be accurate enough to gain access. The team from Michigan State University was asked by police to gain access to the phone, which was eventually unlocked with a 2D image of the dead man's fingerprints, enhanced manually to fill in gaps in the original image, and rendered on conductive paper.
Both 2D and 3D versions of the dead man's fingerprints were produced, but the poor quality of the original image kept in police files stymied the efforts of the team, led by professor Anil Jain. After a failed first attempt, the team used an image enhancement algorithm to fill in broken lines in the print, allowing them to successfully unlock the Samsung Galaxy S6 involved in the investigation. Fortunately for the team, the phone in question did not require a passcode after failed fingerprint attempts, allowing Jain and his colleagues to keep trying options indefinitely.
Jain and his team at MSU published a technical report earlier this year that detailed the 2D method, explaining how anyone could theoretically unlock a phone with a high-quality fingerprint, a regular inkjet printer, and some conductive paper. At the time, they tested it successfully on a Samsung Galaxy S6 and a Huawei Honor 7, but couldn't consistently gain access to an iPhone 5S or a Meizu MX4 Pro. Other methods of fingerprint spoofing have also been published, including one that uses latex milk or wood glue.
Smartphone fingerprint scanners work when the ridges in your fingers close small electrical circuits, meaning that standard plastic — and severed fingers — wouldn't unlock a phone. The researchers took this into account, creating the 2D image on conductive paper to allow electricity to pass through it, and coating the 3D replica fingers in a layer of metallic particles. That process involved the use of a $600,000 machine to apply a coating of a conductive metal onto the fingers, which themselves were produced on a $250,000 3D printer.
Despite this high-tech attempt, it was the comparatively simple 2D fingerprint that ended up unlocking the phone, an outcome that Jain says should make smartphone manufacturers consider how secure fingerprint scanners are. "Hopefully the phone companies are watching this and they will make fingerprint devices more robust against such simple attacks," Jain told NPR.