If you have a smartphone or computer equipped with a biometric security device, particularly one using fingerprints, it just got less secure.
Researchers at Michigan State University want you to know that it doesn't take fancy equipment or a lot of time to create fingerprint replicas that can trick scanners and unlock mobile devices. All they needed was an inkjet printer, conductive ink, and regular paper.
Kai Cao and Anil Jain from the Biometrics Research Group made a video showing how easy it is to print conductive fingerprints from scans. "The worry is that hackers could use similar methods to steal personal identities and other vital information," they wrote.
There's more at the link.
This is of particular concern to almost anyone holding a US government security clearance. Last year the Office of Personnel Management admitted that 5.6 million sets of digitized fingerprints had been compromised by hackers. My own were among them, according to a warning letter I received from OPM a few months ago. Basically, if you've had a law enforcement or military security background check, your fingerprints were probably part of that; and the majority of those digitized records were stolen by hackers, allegedly acting on behalf of the Chinese government.
This may derail the use of fingerprints as biometric identifiers for electronic devices. A fingerprint is forever - it doesn't change with age. That means a 20-something CIA or NSA employee whose fingerprints were compromised as part of this OPM hack will be at risk of them being used against his or her electronic devices up to and even after retirement. If they log in to a computer network using fingerprint authentication, anyone else who can gain access to a terminal of that network can use their fingerprints to impersonate them. If they travel overseas, taking a smartphone or portable computer with them, anyone who can get their hands on that device will be able to use those 'hacked' fingerprints to bypass its biometric identification system - unless that system abandons the use of fingerprints, and moves to something like iris recognition, which is much more complex and expensive to implement on a wide scale.
I don't understand why more heads haven't rolled over the OPM data leak. It's going to be a long-term security headache for this country, in more ways than just fingerprint recognition.