How hackers can breach your handset using only Play-Doh

We normally think of fingerprint scanners used for authentication as an advancement in mobile security. Think again.

A startup company based in China recently showed how hackers with malicious intent can gain unwarranted access to your personal device using only Play-Doh, a popular modeling compound used by children for creating various shapes.

For its assessment, Vkansee tested the Play-Doh on an iPhone’s fingerprint sensor and exhibited how the device can be unlocked by just replicating an owner’s fingerprint through the molding compound. The replica on the Play-Doh compound was then thrust to the iPhone’s Touch ID fingerprint scanner and guess what, the device was unlocked.

The use of Play-Doh as a tool to hack a smartphone, and an iPhone at that, raises concern over the level of sophistication among devices sold by Apple, which boasts of its keen focus on security. More to the point, the demonstration reveals what existing biometrics tools lack: a high level of complex systems to prevent any compromise.

Apple has a pre-published reply to the issue. According to a section on its website, it believes each fingerprint is unique and even rare that the possibility of having alike two fingerprints is far more remote than we can think.

One solution to this fingerprint scanner vulnerability is a fingerprint sensor that will be installed under the glass of the device. This will resist any attempt at hacking the biometrics-based verification tool. Existing fingerprint sensors have to be installed by cutting a hole in the phone.

Vkansee explains that a fingerprint sensor sitting under the glass will prevent hacking attempts because of the third level details approach, meaning the sensor will determine the thickness of ridges on the user’s finger and other unique characteristics of the finger.

Read also: Biometrics or multi-factor verification: what’s the best security approach?

Current biometrics infrastructures are indeed too simple to hack. Manufacturers should begin to take security seriously by ramping up the level of sophistication in their biometrics systems. At present, there is an ongoing pursuit for more advanced biometrics methods to verify the identity of users who try to access a device. There is iris scanning that will make use of a phone’s camera to authenticate an identity. Others plan to resort to gestures as a way of identifying unique behavioral traits.

With all these becoming a reality, will the fingerprint scanning method be finally ditched? Only time can tell. But at present it seems highly unlikely. Instead, fingerprint sensors must increase in their level of complexity.