Video Shows OnePlus 7 Pro’s In-Display Fingerprint Sensors Gets Spoofed by Some Glue

“It all helps to make the case for liveness detection, technology designed to ensure that a live user is present for every session of biometric authentication.”

Video Shows OnePlus 7 Pro's In-Display Fingerprint Sensors Gets Spoofed by Some Glue

The OnePlus 7 Pro’s fingerprint sensor can easily be spoofed using basic materials including glue and tinfoil, as demonstrated by the YouTube channel Max Tech. The channel posted a recent video showing how the device’s in-display fingerprint sensor can be fooled by a synthetic fingerprint.

The hacking method involves blotting hot glue onto a piece of tinfoil, pressing the user’s finger against it to leave a fingerprint imprint, and then blotting some lighter white glue onto the imprint. Once that lighter glue dries, it can be used to unlock the user’s OnePlus 7 Pro.

It’s one of the first high-profile instances of an in-display fingerprint sensor being hacked, the one in this case coming from Goodix, which also supplied the in-display sensor for the previous OnePlus 6T smartphone, and has established itself as a leading supplier through other integrations as well. But it’s not the first time OnePlus has suffered an embarrassing security failure: The OnePlus 6 smartphone, from 2018, had its facial recognition system spoofed by a simple black-and-white photo.

It all helps to make the case for liveness detection, technology designed to ensure that a live user is present for every session of biometric authentication. As detailed in FaceTec’s recent white paper, “Liveness Detection: Biometric Frontline or Final Frontier?“, liveness detection has emerged as a critical focus area with the rise of mobile biometrics. Biometric authentication is quickly usurping the passcode as the primary means of authentication on smartphones and other devices, and while it’s certainly more secure than the latter, OnePlus’s latest flagship device helps to illustrate that biometric security is far less secure without liveness detection.

Source: Yahoo News