Police Unlock Murder Victim’s Samsung Galaxy S6 With Paper Printout Of Fingerprint
It took several tries and pricey equipment for this to work. The detectives brought the phone and a copy of the victim's fingerprints to Jain with the hope that by unlocking the handset, they'd discover clues about who killed him. Jain, along with doctoral student Sunpreet Arora and postdoctoral student Kai Cao, worked for several weeks on the task before finally doing what they had set out to do.
Part of the challenge in defeating the fingerprint sensor is that any copies of the victim's fingerprints have to be able to conduct electricity, just as human skin can. All those ridges and valleys in a fingerprint make different electrical currents, which fingerprint scanners use to create unique images.
The first thing Jain and his team tried was printing out replicas of the fingerprints on file using a special conductive paper. It was a failed effort, so the researchers switched gears and created ten 3D printed replicas of the victim's fingertips with copies of his fingerprints embedded into them. A separate machine then applied silver and copper coatings to see if either one would work.
Making the 3D replicas took 40 minutes for each finger on a machine that costs $250,000. The machine that applied coating costs $600,000, so between the two there's $850,000 worth of hardware involved. Even so, it didn't work.
So what did work? For their third attempt, the researchers used an image enhancement algorithm to create more precise replicas of the fingerprints. They then printed out the high-quality images on the same conductive paper used before, only this time their effort was successful in unlocking the Galaxy S6.
By going this route, law enforcement was able to sidestep the thorny issue of privacy and what legal remedies might be at their disposal in forcing a company like Samsung to assist with unlocking a phone it manufactured. However, it also underscores that biometric security has a long way to go before being considered truly secure.
Had this been an iPhone, the method probably wouldn't have worked, not at this pace anyway. After a certain amount of time goes by since last unlocking an iPhone, it will ask for a PIN code, even if using Touch ID.