Fingerprint cloning

From Paul Rascagneres and Vitor Ventura at Cisco Talos Intelligence:

“Our tests showed that — on average — we achieved an ~80 percent success rate while using the fake fingerprints, where the sensors were bypassed at least once. ... The results show fingerprints are good enough to protect the average person’s privacy if they lose their phone. However, a person that is likely to be targeted by a well-funded and motivated actor should not use fingerprint authentication.”

We all like to get wrapped up in the minutiae of architecting overly secure systems, when in reality a determined adversary will succeed in spite of even our best efforts. Most of us are not facing such a sophisticated or determined adversary, though: most of us just need to latch the screen door.

Permalink.