Chinese Hackers Can Bypass Any Fingerprint Scanner in 20 Minutes

Users of almost any Android smartphone, as well as owners of iPhones up to and including the iPhone 8, may be at risk. Chinese hackers claim they can bypass any fingerprint scanner in just 20 minutes.

Experts demonstrated how to hack a scanner using equipment costing $140 and an app designed to capture a user’s fingerprint.

How the Hack Works

The method for bypassing authentication was discovered by the X-Lab research team at Tencent. The experts showcased their fingerprint scanner hacking technique at the GeekPwn 2019 conference in Shanghai.

Chen Yu, head of the X-Lab team, asked random conference participants to touch a piece of glass. The fingerprints left on the glass were then photographed with a smartphone and uploaded to a custom app developed by the hackers.

The app’s purpose is to extract the data needed to clone the fingerprint. Presumably, a 3D printer is used for this process, although the exact methodology was not disclosed for security reasons.

Successful Demonstration on Multiple Devices

The fake fingerprints created during the process were used to unlock three different smartphones. Notably, all three devices used different fingerprint scanning technologies: optical, ultrasonic, and capacitive.

The entire process—from capturing the fingerprint image to unlocking the smartphones—took the experts only twenty minutes.

Later, Chen Yu explained that his team used hardware costing $142 for the demonstration.