We recently spent many hours (and melted candles) trying to make a fake fingerprint which could fool a Samsung Galaxy S9’s sensor Jailbreak.
Our silicone-based fake fingerprint was cast in a high-fidelity wax mould of a finger registered to unlock the device, and the finished product looked like an impressive recreation.
However, building a 3D prosthetic fingerprint with an accurate pattern of ridges and valleys was not enough to fool the Samsung device.
Modern smartphones use capacitive sensors to authenticate fingerprints, and these sensors measure the relative capacitance between ridges and valleys to create an artificial image of a fingerprint.
The reason our silicone recreation was not recognised was due to its capacitance, as it was not the same as human skin – and was therefore ignored by the smartphone’s touchscreen and fingerprint sensor.
After much feedback from MyBroadband Forum members, we set out to try a new technique – using new materials.
Silicone and graphite
Our first attempt at getting the device’s sensor to recognise our fake fingerprints was to mix graphite powder into a silicone cast of a fingerprint.
As before, a wax mould was made of the relevant fingerprints and the new silicone mix poured in. Once it had set, the fake fingerprint was removed.
This did not make any noticeable change to the prosthetic fingerprint’s capacitance, however, and it was not picked up as a fingerprint by the Samsung Galaxy S9’s sensor.
We then placed the completed silicone fingerprints into graphite power to hopefully increase the capacitance of the surface of the print.
This also failed to work and simply resulted in graphite powder dirtying the sensor on the Galaxy S9.
Gelatine casting
As the wax moulds we used for previous tests resulted in high-resolution casts of our fingers, we opted to continue with this mould material going forward.
The silicone, though, would have to be replaced with a better material.
After consulting a paper from security researchers at the Helsinki University of Technology, we opted to change our casting material to gelatine.
Gelatine has a capacitance of around 20MOhms/cm, which is the same as human skin – giving us the best chance of fooling a smartphone’s sensor.
We created new wax moulds of two separate fingerprints, leaving them to harden before inserting the liquid gelatine mixture.
To create a gelatine cast which was hard enough to stand up to our tests, we mixed gelatine powder and hot water in a roughly 1:1 ratio before allowing it to cool slightly and filling the wax moulds.
These were then placed in the fridge for several hours, after which they could easily be removed from their wax moulds.
The gelatine retained the fingerprint pattern and held up nicely. Aesthetically, they looked the part.
Surprising result
Using our new gelatine prints, we swiped them on the Samsung Galaxy S9’s display to determine if it would pick it up as a valid input.
The prosthetic was picked up perfectly, and was also recognised as a finger by the device’s fingerprint sensor.
However, the Samsung Galaxy S9 would not be unlocked by the fake fingerprint – despite multiple attempts.
As the Galaxy S9 is a high-end Android flagship, we assumed its sensor must be extremely sensitive to small imperfections – so we tried the fake fingerprints on other devices.
Next up was an Apple iPhone 6s, and the fingerprint was once again picked up by the sensor. It failed to unlock the device after multiple attempts, though.
We then ventured on, and selected a Nokia 5. The modern smartphone runs Android 8.0, and falls in the mid-range smartphone segment.
When the fake fingerprint was placed on the Nokia 5’s sensor, the result was almost instant – the device was unlocked.
This fake fingerprint was tested across four Nokia 5 smartphones, and succeeded in easily unlocking all the devices.
The video below shows the fake fingerprint in action.
Although we managed to bypass the biometric security of a mid-range smartphone, the fingerprint sensors on higher-end devices remained impervious to our efforts.
It should also be noted that this type of attack would not realistically occur against the smartphone owner’s will, as it requires a high-resolution mould of their finger set over an extended period of time.