Threat: Researchers at Michigan State University have developed a method to print scans of lifted fingerprints using a common inkjet printer. Anyone in possession of this print can unlock the associated device. While the ink and paper must be of a special type (AgIC) they are readily available from online retailers, as are latent fingerprint kits.
Risk: Fingerprint biometric security is being used increasingly for unlock and payment on mobile devices. All the flagship phones released in 2016 include the technology. A hacker with access to your phone can gain access to your on-line accounts that send password reset links to the email accounts set up on that device. It will also allow the hacker to reset accounts that require a 2nd factor of identification provided through a text message sent to the device.
Real World Scenario: A thief steals your phone and lifts your fingerprint from the back of the device or your coffee mug. They scan and print your fingerprint to unlock the device. Once unlocked they gain access to your financial and personal accounts by resetting the passwords on these accounts. They have an idea of what accounts you have by looking at the apps installed on the device.
Mitigation: While many bloggers like to hype the security flaw in an effort to attract readers, it is important to note that the hacker must have physical control of your device for an attack to occur. They also have to lift the print of the finger used to unlock the device. Most likely this attack will be targeted to you specifically. As such, the physical security of your phone, laptop, or PC that uses fingerprint biometrics becomes paramount. Also, remote wiping abilities of these devices becomes more important and should be considered sooner rather than later when you have misplaced your device. With this in mind, regular backing up or syncing of the valued personal data on these devices should be implemented.
More Info:
Link to Original Technical Report from MSU
Link to YouTube video demonstrating the process
