How does an orange peel unlock fingerprint recognition? The key lies in the conductive pen coating

Recently, the incident of Orange Peel unlocking fingerprint recognition has been all over major social forums and media. Many mobile phones have not escaped this bug. Many people said that they felt terrible after watching the video and called on "experts" to explain the principle of fingerprint recognition being cracked.

The incident originated from the experience of a B-station up-master (suspected of hype). After the fingerprint of the mobile phone was cracked, it was found that anyone could unlock it.

This article records the principles, security, expert responses, and how to prevent

Let me sound the alarm first: not only orange peels, but anyone's fingerprint can easily unlock your phone, even a wet napkin can easily unlock your phone.

Not only that, WeChat transfers are also OK

How to do it

Put a piece of transparent tape on the fingerprint recognition area of ​​your phone

Unlock it with your finger a few times and you will find out.

No need to enter fingerprint, anyone can unlock your phone.

Here’s how it works

After Apple installed fingerprint recognition on iPhone 5s, it released a 33-page security white paper to ensure that everyone can use it with confidence.

According to the white paper, Apple has divided a Secure Enclave in the A7 chip to manage, verify, and store user fingerprint information. Secure Enclave is an independent system with its own secure boot sequence and software upgrade mechanism. When the user presses the Home button, Touch ID will perform an 88x88 pixel, 500 ppi raster scan, and the data will be temporarily stored in the encrypted memory of the Secure Enclave, waiting for vector analysis.

Apple releases Touch ID security white paper

Important

Touch ID will continuously learn the user's fingerprints from various angles and add new nodes to the existing fingerprint map.

Go back to the previous step

This small amount of material we put on the tape forms a conductive layer

The information received by the fingerprint sensor includes this conductive layer, which is not entirely your fingerprint. When comparing, as long as part of the information is the same, the verification can be passed.

At this point the software system has already learned the conductive pattern

This pattern will always be on the fingerprint sensor, and you can unlock it by just touching it with your finger.

safety

Some people say that this problem is groundless. So, is there any hidden danger if you continue to use the phone after there is a crack in the fingerprint area?

You may ask, is this layer a very rare and magical substance?

No, you can buy a lot of them on Taobao for around 20 yuan.

The three most common fingerprint recognition methods we are exposed to are: optical recognition, capacitive sensor, and biometric radio frequency.

• Optical recognition is commonly seen in fingerprint card machines, which are early fingerprint recognition technologies. Light hits the finger and then reflects back to the machine to obtain data. This method collects feature points on the finger, which is different from the principle of mobile phone modules.

Optical recognition can only reach the epidermis of the skin but not the dermis, and is greatly affected by whether the surface of the finger is clean.

• Capacitive sensors are the most commonly used fingerprint recognition method. They use the bumps and depressions of fingerprints, but require the fingers to be relatively clean. In addition, the sensor surface is made of silicon material, which is relatively easy to damage.

This method cannot prevent the fingerprint security issue this time.

•Bio-RF and Ultrasonic Bio-RF uses radio frequency signals to obtain fingerprint images, while ultrasonic waves emit ultrasonic waves to the surface of the finger and then receive the reflected echoes.

Finger ridges and grooves will produce different ultrasonic signal echoes, and the echo signals can be processed to obtain fingerprint image data. Ultrasonic fingerprints can prevent this security loophole, however.

At present, only a few companies use ultrasonic sensors, and the technology is not very mature.

Why did the liveness detection fail?

Biometric radio frequency has been installed since the iPhone 5s was equipped with capacitive fingerprint recognition. Currently, most capacitive sensors used have liveness detection function.

To understand why orange peels can evade liveness detection, we need to understand the principles of fingerprint recognition.

Capacitive sensors are the most commonly used fingerprint recognition method. They make use of the convex and concave surfaces of fingerprints. Since Apple acquired AuthenTec and began to popularize their solutions, manufacturers that generally use capacitive sensors will also be equipped with biometric radio frequency sensors.

The structure of the capacitive fingerprint recognition module can be seen from the figure.

Because the RF sensor is the lower part of the capacitive sensor and its sensitivity is generally very high, it should be able to identify non-living things such as orange peels.

However, please note that the person's finger in the video is pressed on top of the orange peel, that is, the dead skin on the surface of the finger and the orange peel are passed through by the bio-RF sensor together, and finally the living finger behind it is identified.

###Expert response: "Cracking experiments" are not practical in reality

In fact, in addition to mobile phones, laptops, electronic locks of anti-theft doors, etc. all use similar fingerprint verification methods. Under the test of technicians, they can be unlocked at will by relying on transparent tape and conductive pens.

In fact, in the process of opening fingerprint verification, the most critical thing is not the transparent tape, but the conductive pen coating.

The technicians said that when the owner touches the conductive coating to unlock the phone, the information received by the fingerprint sensor is actually the conductive coating, not the fingerprint of the finger. The coating will gather to form a fixed pattern, and combine with the owner's fingerprint to update the new pattern into the fingerprint template.

"This takes advantage of the characteristics of current smartphone fingerprint algorithms," said Li Yangyuan, CTO of Suzhou Mindray Micro. In order to provide a better and faster user experience, fingerprint unlocking currently only requires a small portion of the fingerprint to match the owner's fingerprint to turn on the phone, and the fingerprints recorded in the phone are constantly being updated and optimized. At the same time, the fingerprint will not distinguish whether it is a human body or not, as long as it matches the pattern, it can be unlocked. There is also the example of an orange peel being able to unlock fingerprint recognition.

Feng Jianjiang, associate professor at the Department of Automation at Tsinghua University, said in an interview that this situation occurs because of the small area of ​​the sensor. The fingerprint recognition technology used in mobile phones only requires partial information matching to pass. Compared with the traditional fingerprint recognition technology used in public security criminal investigation, attendance and identity cards, the verification is not strict.

Regarding this issue, industry insider Nemo explained that this situation actually occurs due to the "self-learning" function of fingerprint recognition. However, in the video, the "orange peel" image is added to the fingerprint template through self-learning, and it takes at least dozens of "learning" times to achieve the unlocking effect. Such "cracking" is too difficult to operate in real life.

Some netizens said, "For the exploration of the boundaries of technology, this can be said to be a very meaningful event. However, in terms of the logic of daily use, this kind of cracking is actually difficult to establish. Who would allow someone to put a piece of tape on their phone, unlock it three times, and then lend it to others?"

what to do

Now, we can only wait for the investigation and the manufacturer's ROM update...

1. Turn off fingerprint unlocking and start password function

2. Don't let your phone out of your sight, and try not to use fingerprint stickers. Of course, this method may be unsuitable for naughty children...

Therefore, if the fingerprint function area is damaged, be sure to turn off the fingerprint function in time.