Researchers have unveiled a new cybersecurity threat that could compromise the integrity of fingerprint authentication systems worldwide.
The method, dubbed “PrintListener,” exploits the sound of fingertip friction on smartphone screens to infer and reconstruct users’ fingerprints, potentially unlocking access to sensitive personal and financial information.
Fingerprint authentication has become a cornerstone of modern security, used in unlocking smartphones, authorizing payments, and accessing secure locations.
However, the team behind PrintListener, comprising cybersecurity experts from prestigious institutions in China and the USA, has demonstrated a significant vulnerability in this widely trusted system.
PrintListener Attack
The PrintListener attack operates by capturing the subtle sound made when a user swipes their finger across a smartphone screen.
These sounds, which vary minutely from person to person due to the unique patterns on each fingertip, can be recorded during regular phone calls or video chats on popular social media platforms.
The researchers then analyze these recordings to extract the fingerprint pattern and, with sophisticated algorithms, reconstruct a detailed fingerprint image capable of deceiving fingerprint scanners.
“Our findings reveal a covert and extensive attack scenario that requires no physical proximity to the victim,” explained Man Zhou, the lead author of the study.
“It’s a wake-up call to the cybersecurity community and the public about the evolving nature of threats in the digital age.”
The study, presented at the Network and Distributed System Security Symposium 2024, involved extensive experiments in real-world scenarios.
Alarming Results
PrintListener could successfully attack up to 27.9% of partial fingerprints and 9.3% of complete fingerprints within five attempts at the highest security settings of fingerprint authentication systems.
This method’s stealthiness and pervasiveness are particularly concerning. It can be executed through mainstream social software with voice and video capabilities, leveraging the built-in microphones in electronic devices like smartphones and tablets.
This means that an attacker could potentially gather fingerprint data from a victim without ever being in the same room or even the same country.
The implications of this vulnerability are far-reaching. Fingerprint authentication is not only used for unlocking personal devices but also for accessing bank accounts, secure buildings, and even crossing international borders.
A breach in this system could lead to identity theft, unauthorized access to secure locations, and significant financial losses.
In response to these findings, the research team has called for immediate action to enhance the security of fingerprint authentication systems.
They suggest several countermeasures, including the development of more sophisticated fingerprint sensors that can distinguish between real and synthesized fingerprints and the implementation of additional authentication factors to reduce reliance on fingerprints alone.
As the digital landscape continues to evolve, so too do the methods employed by cybercriminals.
The discovery of the PrintListener attack underscores the need for continuous vigilance and innovation in cybersecurity to protect against ever more sophisticated threats.
The research team’s work has opened a new chapter in the ongoing battle between cybersecurity professionals and hackers.
As we move forward, it’s clear that the security of our digital identities will depend on our ability to anticipate and defend against not just the threats we know but also those we have yet to imagine.