Whether a testament to the accuracy of 3D printing technologies or the vulnerability of the Samsung Galaxy S10’s unlocking system, a recent experiment by Imgur user [darkshark], which used a 3D printed fingerprint to unlock the smartphone, has gained significant media attention.
Recreating one’s biometrics may not just be for spies and detectives nowadays, as increasingly sophisticated technologies like 3D scanning, modeling and printing, are enabling people to get through advanced security features on smartphones.
In this most recent example, [darkshark] set out to unlock their Samsung Galaxy S10 using a 3D printed fingerprint. The result? They managed it on the third try using a fingerprint that took just 13 minutes to print on a resin 3D printer.
As the maker explained in an Imgur post, they used Photoshop and 3ds Max software to edit and 3D model a photo of their fingerprint. In 3ds Max, they were able to turn the lines of the fingerprint into fine, elevated ridges. Admittedly, it did take [darkshark] three reprints to achieve the right ridge height, but the third piece to come off the printer proved a success.
The fingerprint itself was 3D printed in just 13 minutes on an AnyCubic Photo LCD resin 3D printer, which has an accuracy of about 10 microns along the Z axis and 45 microns along X/Y. This level of precision ultimately did enable the printing of a worthy fake fingerprint for the experiment.
The impressive experiment has been unsettling to many and especially to those who rely on fingerprint recognition to access their smartphones. [darkshark] recognizes this and hopes the experiment will shine a light on the potential security discrepancies and risks that exist not only with smartphones but with all fingerprint-related identification.
“This brings up a lot of ethics questions and concerns,” the Imgur poster wrote. “There’s nothing stopping me from stealing your fingerprints without you ever knowing, then printing gloves with your fingerprints built into them and going and committing a crime.
“If I steal someone’s phone, their fingerprints are already on it. I can do this entire process in less than 3 minutes and remotely start the 3D print so that it’s done by the time I get to it. Most banking apps only require fingerprint authentication so I could have all of your info and spend your money in less than 15 minutes if your phone is secured by fingerprint alone.”
This isn’t the first smartphone security feature to be breached using 3D printing, though it might be the most worrying. Last December, Forbes conducted an experiment in which it 3D printed a replica of a person’s head and attempted to break into their smartphone using facial recognition. Though this experiment did require much more effort, it was, in most cases, successful in unlocking phones, which highlighted flaws in facial recognition tech.