Hackers Unlock Any Phone Using Photographed Fingerprints In Just 20 Minutes

News
By published

Nobody is safe

(Image credit: ABACUS)

Hackers working for Chinese security company Tencent claim that they have developed a method to photograph a fingerprint on any glass surface and use it to unlock any smartphone, no matter their fingerprint reader technology — in just 20 minutes.

According to the Chinese blog Abacus, Tencent’s X-Lab team showed how this technique works at the recent GeekPwn 2019 hacking conference in Shanghai. X-Lab’s leader Chen Yu asked an audience member to touch a glass and took a photo of the fingerprints.

Yu then ran the photo through an app they have developed in house, which extracts and process the necessary data to clone a physical fingerprint. The team didn’t show the physical cloning process, but we can assume that they used a 3D printer like other people have done in the past. He then proceeded to use the cloned fingerprint to open three smartphones that had been registered with the audience member’s fingerprint — plus two event registration machines that use fingerprint scanners.

Each of those phones used one of the three existing fingerprint scanning technologies: capacitive, optical. and ultrasonic, like the one in the Samsung Galaxy S10. The latter one is especially worrying, since this technology is supposed to avoid this type of hack by scanning the three-dimensional structure of your fingerprint.

Then again, we recently learned that Samsung's Galaxy S10 and Note 10 series could be unlocked by anyone if the phones had a silicone gel screen protector. Samsung subsequently issued an update to address the problem.

While the Tencent hackers didn’t reveal the exact method used to clone the fingerprint, it seems it worked rather fine at the event. Talking to the media after the demonstration, Yu said that the hardware they used to clone the fingerprint only costs about $140. Yu believes that the only defense against this is to clean everything you touch, including all of your phone.

In other words: fingerprint security sucks. And facial identification is not that much better, really. If you are really worried about security, the only thing you can do is probably use a longer password.

See more Computing News
TOPICS
Jesus Diaz
Jesus Diaz

Jesus Diaz founded the new Sploid for Gawker Media after seven years working at Gizmodo, where he helmed the lost-in-a-bar iPhone 4 story and wrote old angry man rants, among other things. He's a creative director, screenwriter, and producer at The Magic Sauce, and currently writes for Fast Company and Tom's Guide.

Latest in Online Security
A magnifying glass on top of the Steam logo in a web browser
Valve just pulled a malicious game demo spreading info-stealing malware from Steam
A man filing his taxes electronically on a laptop
AI-powered tax scams are here - how to stay safe from deepfakes, phishing and more this tax season
MacBook Pro 2023
New Mac attack is tricking users into thinking their computer is locked — how to stay safe
Hacker using a stolen social security card
Your Social Security number is a literal gold mine for scammers and identity thieves — here’s how to keep it safe
An open lock depicting a data breach
Half a million teachers hit in major data breach with SSNs, financial data and more exposed — what to do now
Green skull on smartphone screen.
Malicious Android apps with 60 million installs bombarding phones with ads and phishing attacks — how to stay safe
Latest in News
Rendered images of rumored foldable iPhone.
Foldable iPhone report just revealed key details — here's what we know
NYTimes Connections
NYT Connections today hints and answers — Saturday, March 23 (#651)
NYT Strands on a cellphone
NYT Strands today — hints, spangram and answers for game #385 (Sunday, March 23 2025)
Nintendo Switch 2
Nintendo Switch 2 rumored specs — here’s what we know so far
iPhone 17 Pro render
iPhone 17 Pro — 7 biggest rumored upgrades
CAD renderings of the Google Pixel 10 Pro XL
Pixel 10 leak could be good news for all Android phones
More about online security
Hacker using a stolen social security card

Your Social Security number is a literal gold mine for scammers and identity thieves — here’s how to keep it safe
A magnifying glass on top of the Steam logo in a web browser

Valve just pulled a malicious game demo spreading info-stealing malware from Steam
A man filing his taxes electronically on a laptop

AI-powered tax scams are here - how to stay safe from deepfakes, phishing and more this tax season
See more latest
Most Popular
Bernie
I’m a big fan of this offbeat comedy thriller starring Jack Black — and you can stream it free on YouTube right now
Samsung S90D OLED TV on table in living room
7 Tizen OS tips and tricks you need to know for your Samsung TV
Miracle Mile
Prime Video has one of the most unsettling apocalyptic thrillers I’ve ever watched — here's why you should stream it
Jessica Chastain in Molly's Game
I love this crime thriller with Jessica Chastain — but it’s leaving Netflix soon
NYTimes Connections
NYT Connections today hints and answers — Saturday, March 23 (#651)
NYT Strands on a cellphone
NYT Strands today — hints, spangram and answers for game #385 (Sunday, March 23 2025)
Rendered images of rumored foldable iPhone.
Foldable iPhone report just revealed key details — here's what we know
Nintendo Switch 2
Nintendo Switch 2 rumored specs — here’s what we know so far
iPhone 17 Pro render
iPhone 17 Pro — 7 biggest rumored upgrades
CAD renderings of the Google Pixel 10 Pro XL
Pixel 10 leak could be good news for all Android phones