Nowadays, the relationship between mobile phones and people is getting closer and closer. Many personal information, bank accounts, payment applications, etc. They are all stored or bound to their own mobile phones, so everyone pays special attention to the security of mobile phones. Fingerprint verification undoubtedly adds a line of defense for our personal privacy and property security. Because after the owner's fingerprint information is collected and entered, only after the owner verifies his fingerprint can he unlock the trunk or make electronic payment.

But is this seemingly safe line of defense really safe?

Recently, an online article and video entitled "A piece of orange peel can unlock your mobile phone fingerprint in seconds and transfer payment" has attracted widespread attention. It is mentioned that for mobile phones that need fingerprint verification, anyone's fingerprint can be unlocked by some simple processing methods, even a piece of orange peel.

The fingerprint touch key is cracked and anyone can unlock it.

Not long ago, Jamlom from Anhui cracked the fingerprint touch key because his mobile phone fell to the ground. To his surprise, everyone else can use his fingerprint to unlock his mobile phone. Moreover, some payment applications in Jamlom that need fingerprint identification can also be verified and used with unfamiliar fingerprints.

Jamlom: I accidentally dropped my mobile phone. I see a crack on it. I thought this might not work. Then I used it. I found that it can still be unlocked with fingerprints, or it can be used in this way. Alipay can pay by fingerprint. The next day, I played with my mobile phone in class, and my classmates touched the phone to unlock it. I was a little ignorant at that time. Because it's the first time he used my mobile phone, why did he unlock it? Then he tried it and found that everyone can unlock it and find that everything can be paid by mobile phone.

Subsequently, Jamlom immediately contacted the mobile phone manufacturer, who blocked the fingerprint function for Jamlom. A technician from a technology company in Suzhou saw the online video and learned about it. After many experiments, they found that even if the mobile phone is not damaged, after some processing, the fingerprint lock can still be cracked, that is, an orange peel can be used for verification.

Fingerprint stickers can crack the fingerprint lock of mobile phones by tampering.

Is this situation due to the misjudgment of fingerprint verification caused by the broken mobile phone? And a piece of orange peel can be used to unlock the boot through fingerprint verification. Does it mean that there are some security holes in the fingerprint verification system?

The reporter contacted the publisher of this news, and in the laboratory, the technicians demonstrated the cracking process.

Technician: I'll take a fingerprint with this mobile phone first, and my left thumb will be finished. Now you can see that there is only one finger in it (fingerprint record), and only the thumb of my left hand can unlock it. Try it with others.

Reporter: I can't solve this.

After some processing, the reporter who had not entered the fingerprint before was able to unlock the boot. Subsequently, the technicians tested some mobile phones of mainstream brands on the market one by one, and the reporter successfully unlocked the boot with his own fingerprint without entering the fingerprint in advance.

In addition to fingerprint boot, using fingerprint verification for payment and transfer is also an application that many people often use at present. The reporter took out his mobile phone and turned on the function of fingerprint payment. After that, the technicians did some operations on the reporter's mobile phone. Next, in addition to the reporter's own fingerprint transfer, longan, orange peel and even napkins can be used instead of fingerprints for verification.

Technicians said that according to the clues of cracking the mobile phone fingerprint touch key reflected by online video, they simulated the cracking pattern in the laboratory and conducted many experiments, and found that the key to cracking fingerprint verification lies in the pattern on the fingerprint touch key. So the technician takes a small piece of adhesive tape or a popular fingerprint sticker on the market, smears it on the back with a conductive pen to form a pattern, and sticks it on the fingerprint verification part of the mobile phone. As long as the owner's fingerprint touches this tape or fingerprint sticker, after several successful unlocking and booting, others can boot at will.

Technician Li Yangyuan: The crack itself will form some patterns on the sensor. The film (adhesive tape or fingerprint paste) and the conductive medium on the film will form a certain pattern on the sensor. Because this pattern is in front of the finger, it will replace the fingerprint. In this case, the final software system, when it receives the drawings of these pattern components, receives this drawing, and it is certified as a drawing, so it will pass.

Technicians believe that the information received by the fingerprint sensor contains a conductive coating attached to the fingerprint, which is not entirely the fingerprint of the owner's finger. In fingerprint comparison, as long as some information is the same, it can be verified. So as long as it is processed, other people's fingerprints can also be verified.

Feng Jianjiang, Associate Professor, Department of Automation, Tsinghua University: Early fingerprint identification technologies, such as ID card, attendance, public security and criminal investigation, were all based on looking at some detailed feature points on fingers, but this technology has not been widely used in mobile phones, mainly because the sensor area of mobile phones is particularly small and there is little information, so this industry has begun to adopt a new scheme, that is, using the pattern itself.

Fingerprint stickers unlock multi-domain products successfully.

Now fingerprint verification is not only used in mobile phones, but also in some models of notebook computers and even electronic locks of security doors. So in these areas, is there such a loophole in fingerprint verification?

On a notebook computer, the technician smeared the back of the fingerprint with a conductive pen, and then pasted it on the touch key of fingerprint verification. Subsequently, the owner set up a fingerprint guide in the computer system and entered his own fingerprint. Next, others turn on the computer, try it several times with their fingerprints, and they can pass the verification and turn it on.

Subsequently, technicians tested a door lock and found similar security risks.

Experts suggest that although this vulnerability involves different products in different fields, if your fingerprint touch key is not damaged or has fingerprints, you can use it normally, so don't worry too much. At the same time, experts also remind everyone that if you are worried about safety, try not to use fingerprint stickers. In addition, before using fingerprint verification, it is best to check whether there are other foreign objects or patterns attached to the touch keys.

Feng Jianjiang, Associate Professor of Automation Department of Tsinghua University: Be sure to check to see if this is really a trap, and the membrane must be torn off. If the phone is accidentally cracked, there is a simple way at this time, that is, you can try whether your other fingers can unlock it successfully. If it can be successfully unlocked, it means that there is this loophole. It is understood that the Ministry of Industry and Information Technology, the General Administration of Quality Supervision, Inspection and Quarantine and other relevant departments have been involved in the investigation, and the reporter will continue to pay attention.