Fingerprint sensors are rapidly becoming the standard tool for securing mobile devices. Synaptics believes that these sensors typically aren't as safe as users think, however, especially in laptops. To prove its point, the company recently set up a demo in which it quickly gained access to a notebook and a smartphone by means of a tiny $25 device.
The folks over at HotHardware were on the scene for the demo, and report that Synaptics pulled off this hack by compromising the fingerprint sensors on two commercially available notebooks. The company cobbled together a tiny device out of a microcontroller and a Bluetooth transmitter, and placed it between the fingerprint sensor and host of a pair of notebooks. For one of the notebooks, Synaptics simply placed the device in line with the fingerprint sensor. For the other, Synaptics had to expose pads on the notebook's motherboard and attach the device.
Because the links between the fingerprint sensors and host machines weren't encrypted, the device Synaptics constructed was able to act as a man-in-the-middle and capture an image of the user's fingerprint. From that point on, the company could simply resend the same data to the host machine to unlock the notebook at will. The shenanigans weren't over yet, though. By printing a copy of the stolen fingerprint on photo paper with conductive ink, Synaptics was able to gain access to a smartphone that had been locked by the same user.
Now, most people shouldn't panic about this vulnerability. It requires would-be hackers to gain physical access to a notebook and install a device without being noticed, and once an attacker has physical access to a device, all bets are off to begin with. However, Synaptics thinks that the existence of this vulnerability should make consumers wonder why end-to-end encryption isn't used more commonly for fingerprint authentication, and suggests that they look for products that employ its SentryPoint anti-spoofing technology. It's hard to argue against more robust security practices and more secure biometric devices, considering how much damage malicious parties could do with not only users' personal data, but also their fingerprints.
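To make the replay weakness concrete, here is an added sketch (not code from Synaptics or from the demo) contrasting a host that trusts whatever arrives on the sensor link with one that binds each attempt to a fresh nonce. The class names, the pre-shared pairing key, and exact-byte matching as a stand-in for real fingerprint matching are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

TEMPLATE = b"constructed-fingerprint-sample"  # constructed stand-in for sensor data

class LegacyHost:
    """Hypothetical host that accepts any frame arriving on the link."""
    def __init__(self, enrolled: bytes):
        self.enrolled = enrolled
    def unlock(self, frame: bytes) -> bool:
        return hmac.compare_digest(frame, self.enrolled)

class Sensor:
    """Hypothetical sensor holding a key shared with the host at pairing."""
    def __init__(self, key: bytes):
        self.key = key
    def respond(self, nonce: bytes, sample: bytes) -> bytes:
        # Bind the sample digest to the host's one-time nonce.
        digest = hashlib.sha256(sample).digest()
        return hmac.new(self.key, nonce + digest, hashlib.sha256).digest()

class ChallengeHost:
    """Hypothetical host that issues a fresh nonce per unlock attempt."""
    def __init__(self, key: bytes, enrolled: bytes):
        self.key = key
        self.enrolled_digest = hashlib.sha256(enrolled).digest()
        self.pending = None
    def challenge(self) -> bytes:
        self.pending = secrets.token_bytes(16)
        return self.pending
    def unlock(self, tag: bytes) -> bool:
        if self.pending is None:
            return False
        nonce, self.pending = self.pending, None  # each nonce is single use
        expected = hmac.new(self.key, nonce + self.enrolled_digest,
                            hashlib.sha256).digest()
        return hmac.compare_digest(tag, expected)

def demo():
    key = secrets.token_bytes(32)  # assumed provisioned at pairing time
    recorded_frame = TEMPLATE      # what a plaintext link exposes to a tap
    legacy_replay = LegacyHost(TEMPLATE).unlock(recorded_frame)
    sensor, host = Sensor(key), ChallengeHost(key, TEMPLATE)
    recorded_tag = sensor.respond(host.challenge(), TEMPLATE)
    first_use = host.unlock(recorded_tag)
    host.challenge()               # next attempt gets a new nonce
    replayed = host.unlock(recorded_tag)
    return legacy_replay, first_use, replayed
```

Only an authentication tag crosses the link in this sketch; a design that sends image data to the host would also need to encrypt it.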