Researchers from China and the US found that the sound of phone swiping can reveal users' fingerprints. Essentially, they used an attack scenario on the minutiae-based Automatic Fingerprint Identification System (AFIS), called PrintListener. This experiment used the sounds made by users' fingerprint friction while they were using social media or other apps on their phones.
In the scenario, the researchers recorded friction sounds from participants on a protected Google Pixel 4, showing unique fingerprint patterns. In an evaluation, 65 participants aged 18 to 30 were recruited to highlight the potential risks of this method. The original recording is filled with redundant information, and sound traits are affected by users' physiological and behavioral features. It was explained that once the finger swipes, it will generate a roughness noise involving friction, dynamics, and acoustics.
As a result, it was proven that the attack scenario has a strong attack power on fingerprint authentication. Namely, they found thatIt can attack up to 27.9% of partial fingerprints and 9.3% of complete fingerprints within five attempts at the highest security FAR setting of 0.01%.
Fingerprints serve as a common method for personal authentication, used in unlocking phones or approving online transactions. However, if attackers obtain users' fingerprint data, it could facilitate their malicious activities. Thus, some ways to prevent such attacks would be to swipe phones while making video or audio calls or use screen protectors with glossy surfaces, which are proven to have a weaker sound.