Hackers Can Use the Sound of Swiping to Steal Your Fingerprints

This post is also available in: עברית (Hebrew)

Nowadays, fingerprints are one of the most popular forms of personal identification, whether it’s unlocking your phone, approving online payments, access control, and many more. This means that leaked fingerprints can cause immense amounts of damage.

Researchers from China and the US were able to steal up to 27.9% of partial fingerprints and 9.3% of complete fingerprints within five attempts using a “PrintListener” side-channel attack that leveraged the sounds made by users’ fingertip friction while they use social media or other apps on their phones.

“The attack scenario of PrintListener is extensive and covert. It only needs to record users’ fingertip friction sound and can be launched by leveraging a large number of social media platforms,” reads the paper published by the researchers.

According to Cybernews, the researchers began by recording the friction sounds of nine participants against a phone with a matte screen protector. They then moved on to 65 participants aged 18 to 30 and tried to extract important information from finger friction audio.

When the finger swipes on a screen it creates a roughness noise, the production of which involves three factors: the friction between the fingertips and the smartphone screen that amplifies the vibrations, the dynamics of the vibrations between the finger and the screen, and the audible roughness sound that radiates from the finger to the surface of the phone and propagates through the air.

This work extends previous research that demonstrated the vulnerability of fingerprint recognition systems, especially when the attacker has even partial information of the users’ fingerprints. Furthermore, listening to swiping fingers puts attackers at an advantage since they can be stealthy, use mainstream apps and device microphones, and not require extensive training on specific individuals.

The researchers provided some solutions to protect against such attacks, including using a smooth screen protector that produces less noise and creates less friction, trying not to swipe while recording video/audio, or even having the apps themselves destroy finger frictional sound features with automatic speech noise reduction or implement pop-up reminders to caution users to be careful when performing swiping operations while the microphone is in use.