Researchers Find Critical Vulnerability In Optical In-Display Fingerprint Sensors, Allowed Attackers To Unlock Devices Instantly

In-Display Fingerprint sensors seem like an upcoming trend in smartphones. Conventional fingerprint sensors have become quite reliable over the years, but it’s still limited by design. With conventional fingerprint sensors, you need to locate the sensor and then unlock your phone. With the scanner placed under the display, unlocking the device feels much more natural. The technology is still in its infancy and hasn’t really matured yet, but a few companies like OnePlus have already put out phones with In-Display fingerprint sensors.

Optic sensors used in most of the In-Display  fingerprint scanners these days aren’t very accurate and some researchers even discovered a big vulnerability in them, which was patched recently. The vulnerability discovered by Tencent’s Xuanwu Lab gave attackers a free pass, allowing them to bypass the lock screen completely.

Yang Yu, a researcher from the same team stated that this was a persistent problem present in every In-Display Fingerprint scanner module they tested, also adding that the vulnerability is a design fault of In-display fingerprint sensors.

Threatpost reports that Huawei patched the vulnerability in September along with other manufacturers. 

How Does The Exploit Work?

Many of the In-Display Fingerprint sensors use optic sensors. These sensors usually take low resolution pictures to resolve data. Whenever a finger is placed on the scanner, the display’s backlight lights the area up and the optic sensor traces the fingerprints.

Touching that specific place on the display will definitely leave fingerprints, so the researchers found out, putting an opaque reflective material over the in-display sensor unlocked the given device. This reflective material when put in contact with the scanner, reflected a lot of light back into it. This tricks the optical scanner which unlocks the phone taking the fingerprint residue as an actual fingerprint.

Normal Fingerprint scanners based on capacitance sensors aren’t vulnerable. It’s true that both optic and capacitance sensors are based on image generation, but their methods differ. Capacitance scanners actually use electrical current instead of light.

Fix For The Issue

Researchers while talking to Threatpost stated that they discovered the vulnerability in February and immediately notified the manufacturers. Since then phone makers have improved their identification algorithm to patch the exploit.

For average users this shouldn’t be a problem as the exploit isn’t a remote one. The attackers would need access to your phone, but this exploit can concern people with sensitive data.

Indranil Chowdhury
Indranil is a Med school student and an avid gamer. He puts his absolute faith in Lord Gaben and loves to write. Crazy about the Witcher lore, he plays soccer too. When not playing games or writing, you can find him on 9gag spreading the Pcmasterrace propaganda.

Expert Tip

Researchers Find Critical Vulnerability In Optical In-Display Fingerprint Sensors, Allowed Attackers To Unlock Devices Instantly

If the issue is with your Computer or a Laptop you should try using Restoro which can scan the repositories and replace corrupt and missing files. This works in most cases, where the issue is originated due to a system corruption. You can download Restoro by clicking the Download button below.

Download Now

I'm not interested