Touchscreen Nightmare: Hackers Can Steal Your Fingerprints By Listening To You Swipe

hackers can steal your fingerprints by listening to you swipe
We already know that your sensitive information, such as passwords, can be nabbed by listening to your keystrokes, which was proven back in August 2023 by a team of British researchers. However, that is not the only information that can be stolen by sound signatures, as it turns out. Now, a team of Chinese and United States researchers, some hailing from the University of Colorado Denver and the Huazhong University of Science and Technology, China, have shown that it is possible to capture partial fingerprints using “finger friction sound.”

Biometric authentication has become quite prevalent, especially in the mobile device market, where there are now in-display fingerprint readers and other technologies. Estimates state that by 2032, the market size of fingerprint authentication will touch USD 99.9 billion. With this prevalence, research into this area could be incredibly useful for those looking to exploit devices for data theft, but also for improving fingerprint technology overall. Akin to the previously mentioned data theft via keystroke sounds, the researchers in this study propose a side-channel attack against swiping actions to get partial fingerprints.

vector hackers can steal your fingerprints by listening to you swipe

The attack, dubbed PrintListener, “leverages users’ swiping actions on the screen to extract fingerprint features and synthesize a stronger MasterPrint sequence based on these features to conduct dictionary attacks on users’ fingerprints.” This can be done via social software with voice and video capabilities, to capture what they call “swiping friction sound.” These sounds can then be fed into a prediction model to reconstruct fingerprint images. While not a perfect system, with the capability to “attack up to 26.5% of partial fingerprints and 9.3% of complete fingerprints,” it is still rather concerning.

Though we don’t expect this to be the hot new attack vector for malicious mobile apps and threat actors, it raises some interesting questions about what we generally trust to be secure. Traditionally, biometrics are just a trusted part of security measures and are not often questioned. However, with this new research discovery, it is now feasible to recreate fingerprints to attack sensitive information, payment apps, or other bits of secure information on a device.