Sihai network

What's the matter with orange peel second to unlock fingerprint? Fingerprint unlocking is a big hidd

Recently, an online article and video about "a piece of orange peel can open your mobile phone fingerprint lock in seconds and transfer payment" attracted wide attention. It was said in the article that a simple orange peel could unlock the mobile phone. It's just amazing. What's the matter? Let's take a look at it together with the small editor of sihai.com.

Stranger

Unlock

The technician first records a fingerprint with a mobile phone;

Confirm that only the fingerprint record just entered in the mobile phone, that is, only the left thumb of the technician can unlock the lock.

Try it on a different person.

After some processing, reporters who did not input fingerprints before were able to unlock the machine.

Nowadays, the relationship between mobile phone and people is more and more close. Many personal information, bank accounts, payment applications are stored or bound to their own mobile phones, so people pay special attention to the security of mobile phones. Fingerprint verification undoubtedly adds a defense line to our personal privacy and property security.

However, is this seemingly safe defense really safe?

Recently, an online article and video about "a piece of orange peel can open your mobile phone fingerprint lock in seconds and transfer payment" attracted wide attention. It said that for mobile phones that need fingerprint verification, anyone's fingerprint can be unlocked, even an orange peel, by using some simple processing methods.

'I found that everyone could unlock it'

Not long ago, Xiao Xu, from Anhui Province, fell to the ground with his mobile phone, causing cracks in the fingerprint touch key. To his surprise, everyone else could unlock his mobile phone with his fingerprint. Not only that, some payment applications in Xiaoxu mobile phone can only be used by fingerprint identification, and unfamiliar fingerprints can also be verified and used.

Xiao Xu told CCTV reporters: 'my cell phone accidentally fell and fell to the ground. I saw a crack on it. I thought fingerprint was useless. But later it was found that fingerprint can still be unlocked and fingerprint payment can be done. The next day, my classmate touched my mobile phone and unlocked it. At that time, I was a little confused. Because he used my mobile phone for the first time, why can he unlock it? After a try, I found that everyone can unlock it and pay for anything. '

Later, Xiaoxu immediately contacted the mobile phone manufacturer, who blocked the fingerprint function for Xiaoxu.

Technicians of a technology company in Suzhou saw the online video. After learning about this, they simulated the crack pattern of the fingerprint touch key of the mobile phone in the laboratory. After many tests, they found that the fingerprint lock can be cracked even if the mobile phone is not damaged. Even if an orange peel is used, it can be verified.

Longan and napkin also passed the verification

Is this situation because the mobile phone is damaged by falling, leading to misjudgment of fingerprint verification? And can a piece of orange peel be used to unlock the phone through fingerprint verification, can it indicate that there is a certain security vulnerability in fingerprint verification system?

The reporter contacted the publisher of this information. In the laboratory, the technicians demonstrated the process of cracking.

The technician said: 'I'll take a fingerprint with this phone first. Now you can see that there is only one finger (fingerprint record) in it. Only the thumb of my left hand can unlock the lock. Try it on a different person. '

The reporter said: 'I can't understand this. '

However, after some processing, reporters who had not entered fingerprints before were able to unlock the phone. Subsequently, the technicians will test some mainstream brand mobile phones one by one. Without entering the fingerprint in advance, the reporters will unlock and turn on these mobile phones one by one with their own fingerprint successfully.

In addition to fingerprint boot, using fingerprint verification for payment and transfer is also a common application used by many people at present. The reporter took out his mobile phone and turned on the function of fingerprint payment. After that, the technical personnel carried out some operations on the reporter's mobile phone. Next, in addition to the fact that the reporter can transfer by fingerprint, it can also be verified that the fingerprint can be replaced by items such as longan, orange peel or even napkin.

Pattern key on fingerprint touch key

According to the clue of the crack of the fingerprint touch key reflected in the online video, the technicians have carried out many experiments in the laboratory by simulating the crack pattern, and found that the key to crack the fingerprint verification lies in the pattern on the fingerprint touch key. So technicians take a small piece of adhesive tape or popular fingerprint stickers on the market, and use conductive pen on the back to form a pattern, and stick it to the fingerprint verification part of the mobile phone. As long as the owner's fingerprint touches this adhesive tape or fingerprint sticker, after unlocking and starting up several times successfully, others can start up at will.

Li Yangyuan, a technician, said: 'the crack itself will form some patterns on the sensor, while the film (adhesive tape or fingerprint paste) and the conductive medium on the film will form certain patterns for the sensor, because this pattern is in front of the finger, and it will replace the finger pattern. Finally, the signals received by the software system have included these pattern components, which is the diagram it certifies. '

That is to say, the technicians believe that the information received by the fingerprint sensor contains the conductive coating on the fingerprint, not the fingerprint of the main finger. In fingerprint comparison, as long as some of the same information can be verified. So as long as it is processed, other people's fingerprints can also be verified.

Feng Jianjiang, associate professor of Automation Department of Tsinghua University, said: 'the early fingerprint identification technology, such as ID card, attendance, and public security criminal investigation, is based on the principle of looking at some detail features on the fingers. But this technology is not widely used in mobile phones now, mainly because the area of mobile sensors is very small and the information is very little, so the industry began to adopt a new scheme: using the pattern itself. '

Notebook and security door have similar hidden dangers

Nowadays, fingerprint verification is not only used in mobile phones, but also in some types of laptops, even in the electronic locks of anti-theft doors. So in these areas, is there such a vulnerability in fingerprint verification?

On a laptop, technicians daub the back of the fingerprint sticker with a conductive pen, and then stick it to the touch key for fingerprint verification. Later, the owner of the computer set up the fingerprint boot in the system of the computer and input his own fingerprint. Next, someone else turns on the computer, tries it with fingerprint several times, and it can also pass the verification and turn on the computer.

Then, the technicians tested a certain door lock and found a similar hidden danger.

Experts suggest that although this vulnerability involves different products in different fields, if your fingerprint touch key is not damaged or pasted, it can be used normally without worrying too much. At the same time, experts also remind you that if you are concerned about security, try not to use fingerprint stickers. In addition, it is better to check whether there are other foreign matters or patterns on the touch key before using fingerprint verification.

It is understood that the Ministry of industry and information technology, the General Administration of quality supervision, inspection and quarantine and other relevant departments have been involved in the investigation, and journalists will continue to pay attention to it.