6

I'm afraid that if I will lose my laptop while turned on, somebody might take the fingerprint off the screen or somewhere else and unlock my laptop with the fingerprint sensor.

Is this a valid concern?

user34692
  • 61
  • 1
  • 2
  • 1
    Modern fingerprint scanners read pulse along with fingerprint. That was not the case with the CCC hack on iPhone touchID. The guy mentioning it below is misinformed. Modern fingerprint scanners (like on your macbook) are not so trivial to bypass. – user2497 Feb 12 '18 at 10:57

2 Answers2

3

Your concern is perfectly valid in theory.

I am not an expert in fingerprint recreation, but a I've read quite a few articles where people have successfully hacked in devices using the fingerprint sensor via one of the following methods -

  1. A high resolution picture of a finger. Link - https://gizmodo.com/chaos-computer-club-says-they-can-hack-your-fingerprint-1675845311
  2. Using a material to store the host's fingerprint like rubber cement or silicon gel. In fact the attacker can even use tape or the imprints left on a keyboard to recreate a fingerprint which will easily pass through as legit.

The reason it is easy is because finger print recognition like face recognition is a 'not such a great way of authentication' on the level of personal applications. The fingerprint sensor is essentially a camera that takes a close up image of the finger and its valleys. So in the way face recognition fails when you use a printed picture to pass through it, one can pass through fingerprint sensors. It works well in places where you are authenticating yourself in front of a guard, like in military or research bases. At the level of personal items they are more of a convince like me using my fingerprint sensor on my phone to not spend time unlocking my phone via a pattern or a password. Surely one can't 'read' or 'guess' my fingerprint but if an attacker is good enough, any fingerprint sensor isn't good enough. That perfectly brings me to my final point.

To quote an expert who was being interviewed at DEFCON, "A dangerous hacker is a black-belt martial artist, if he chooses to beat you up, there isn't much you can do unless you know it firsthand." Same goes for hacking, if you are really concerned and think that someone is after your data, use a good password and set up a few more steps that ensure your data is safe and not in wrong hands. If you think otherwise, use it as a convenience.

  • No, the new sensors sense for pulse with (invisible) light. The old CCC hack against iPhone 5s’ sensor required special (but easily obtainable) capacitative plastic film. It wasn’t just a scan. Today you’d need to shave a mouse, glue the film with the fingerprint to its naked backside, and swipe it. Terrible. – user2497 Feb 13 '18 at 21:24
  • That’s a real living mouse eating cheese, not a computer mouse :-) – gnasher729 May 25 '20 at 14:00
  • @user2497 Which iPhone uses the modern sensor? My iPhone 8 can be unlocked with a rubber glove if I train it with it on, so I don't buy the whole "can't unlock it with a rubber fingerprint" thing. – user Feb 04 '21 at 19:53
  • But you are fingerprinting a glove not your finger, reproducing a fingerprint with rubber is very difficult if not impossible (at the time of writing). – nethero Feb 05 '21 at 12:49
0

The sensors are always improving so the answer will change over time. For example, photos don't fool iPhone Face ID because of infrared mapping, and in the future perhaps it'll use Lidar for more precise mapping, which is available on the iPhone 12. The M1 Macbook has a new touch sensor with added security.

a5af
  • 101
  • 1