Some In-Screen Fingerprint Sensors are Easily Fooled


Security is extremely important when it comes to smartphones. Today, the average smartphone contains a person’s banking information, social media accounts, personal photos, and even health information. Once the lock screen is bypassed, you have access to so many aspects of a person’s private life. This is why new security features related to the lock screen must be highly secure. The latest evolution of lock screen technology is the in-display fingerprint reader. On top of a PIN, password, or pattern, you can set up fingerprint unlock on your phone (if the hardware is there); beyond the lock screen, fingerprints can also be used to unlock access to many apps and payment systems. Unfortunately, in-display fingerprint scanners of one particular type aren’t as secure as you might think.


In-Display Fingerprint Sensor Bypass Demo

The video above shows footage of a method being used to bypass authentication on a typical optical in-display fingerprint scanner found on several different phones. This exploit is performed by holding up an ink fingerprint of the victim captured on a transparent plastic sheet (like a plastic wrap for food preservation). The video demonstrates that pressing the captured fingerprint to the sensor immediately unlocks the device. The process is easy for anyone determined to get access to your data:

  1. Capture the victim’s fingerprint on a clear plastic sheet
  2. Place the fingerprint over the in-display sensor
  3. Press your finger onto the thumbprint and unlock the phone

Why Does this Work?

This exploit is possible because of the way in-display optical sensors work. It does not work on the traditional sensors that you’d find on the chin, back, or side of a smartphone. The reason is that traditional sensors (such as those found on the OnePlus 5/5T/6, most Samsung Galaxy phones prior to the S10, and all Pixel/Nexus phones) use capacitive technology, while most of the new in-display sensors use less-secure optical scanners. An optical scanner essentially uses a tiny camera under the display to capture an image of your fingerprint. If the image matches your stored fingerprint, the screen is unlocked. Since an optical sensor relies only on the image it captures, it can be beaten by placing an image of a fingerprint on the display.

A more secure, but slower form of the in-display fingerprint sensor is based on ultrasonic technology. This method is more difficult to trick because it uses sound waves to measure a fingerprint’s ridges and valleys. This is more difficult to fool with an image since it requires actual depth within a fingerprint, but it’s still possible to beat.

Avoid Optical Sensors if You Value Security

While the intention of the optical sensor is to relocate the fingerprint scanner to a less intrusive location, there is an alternative way to do this. Some flagship phones are still sticking with capacitive sensors, but are instead moving them to the power button of the phone. This image shows off the power button on the Honor 20 which doubles as a capacitive fingerprint sensor.

Honor 20 with Side Sensor

This sensor can recognize up to five different fingers and is easy to use with either hand, even if the phone is facing up (unlike back-mounted capacitive scanners, which often place the sensor out of reach). This type of side-mounted sensor can be found in many new phones like the Honor 20, Honor 20 Pro, Sony Xperia 1, and Samsung Galaxy S10e. Not only is the capacitive solution more secure, but the optical sensors have been criticized for being much too slow. This can be a frustrating experience for many users who are used to the fast and secure performance of their capacitive scanner.

Our experience with the improved sensor location on the Honor 20 and Honor 20 Pro proves that the best way forward is capacitive for now until optical and ultrasonic in-display solutions get more secure and faster, respectively. This solution moves the scanner out of the inconvenient locations while maintaining the security and speed that you should expect from a fingerprint scanner. Honor has integrated the ability to trigger the sensors on contact or when you press down on the power button. This lets you customize the experience to your preference.

Capacitive Sensor [Left] Compared to Ultrasonic Sensor [Right]

There are several benefits to having a capacitive sensor. The GIF above shows how the phone on the left is much faster to respond than the ultrasonic sensor on the right. Not only is it faster, but it’s in a more conveniently located spot. When the fingerprint sensor is located under the display, you aren’t going to unlock your phone until you have it resting in your hand in a flat and balanced position. Since traditional sensors do not require you to remove your thumb from your grip on your phone, you can unlock the phone in any position as you pick it up. In this case, even sensors located on the back of the phone (as seen on the Honor 20 Lite) are still superior to the ultrasonic alternative.

In the future, we may see improved optical sensor security. In the meantime, users who want to avoid this exploit should make sure that their next phone has a capacitive (or at least ultrasonic in-display) sensor.

We thank Honor for sponsoring this post. Our sponsors help us pay for the many costs associated with running XDA, including server costs, full time developers, news writers, and much more. While you might see sponsored content (which will always be labeled as such) alongside Portal content, the Portal team is in no way responsible for these posts. Sponsored content, advertising and XDA Depot are managed by a separate team entirely. XDA will never compromise its journalistic integrity by accepting money to write favorably about a company, or alter our opinions or views in any way. Our opinion cannot be bought.
