Chinese hackers use fingerprints on glass to crack sensors for 20 minutes

A group of Tencent hackers recently demonstrated the technique of unlocking smartphone fingerprint sensors in just 20 minutes.

Are you sure you want to drink water with that glass cup? Because your fingerprints will fill the glass, and obviously that's more than enough for hackers to crack your smartphone.

Just fingerprints on the glass of the cup is more than enough for hackers to crack your smartphone.

The X-Lab hacker group of Tencent Security demonstrated this technique at a hacking event in Shanghai by inviting some spectators to touch the cup. Then the team leader, Chen Yu, took out his phone, took a fingerprint picture on the cup, put it into the app they had just developed to extract the correct data. This data is used to create physical copies of a user's fingerprint in just 20 minutes.

Result? That copy of the fingerprint fooled 3 smartphones and 2 other machines equipped with a fingerprint scanner.

" To carry out this attack, it requires hardware that costs $ 140, and the software only includes a phone and an application," said X-Lab researcher Chen Yu.

X-Lab is one of Tencent's seven security research groups, including Keen Lab and Yunding Lab

Tencent of course refuses to disclose further information on the specific method it used.

X-Lab claims that it is the first group to unlock ultrasonic fingerprint sensors , along with two other types of fingerprint sensors commonly used on smartphones , capacitive and optical sensors.

But this claim is not entirely true. The ultrasonic fingerprint sensor on the Galaxy S10 was actually cracked earlier this month by a woman in the UK, with a $ 3.4 screen protector bought on eBay.

The Korean company later released a patch for the Galaxy S10 and Note 10 fingerprint sensors, but it was too late in China because both WeChat Pay and Alipay - the country's two largest mobile payment platforms - have deactivated the use of the fingerprint sensor on some Samsung devices to authenticate transactions.

The ultrasonic fingerprint sensor on the Galaxy S10 has actually been cracked with a $ 3.4 screen protector bought on eBay.

Developed by Qualcomm, the ultrasonic fingerprint sensor is billed as a more reliable and faster solution than other in-screen fingerprint sensors. They broadcast sound to your finger and rely on the data bounced back to create a 3D image of the fingerprint. Xiaomi has also used ultrasonic fingerprint sensors on some of its devices.

Last year, Chen's team discovered a design bug that affected fingerprint sensors in older generation displays, putting half a dozen smartphones at risk, including the Huawei Mate 20 Pro. The only thing needed to make the attack was a translucent reflective material. If you're wondering where that can be found, you'll be left gasping when you know it's actually quite popular: aluminum foil.

Another security research group from Tencent, Keen Lab, discovered many bugs in Tesla's advanced driver assistance system this year, fooling a Model S into the opposite lane.

In this latest hack, X-Lab researchers said they have been developing the application for months. They also noticed that extracting a fingerprint from the glass of the phone was even easier than from a glass.

But X-Lab says you shouldn't be too worried about this. Chen says you only need to remember to wipe your fingerprints regularly whenever you touch something.

• Review "rogue trophy" of bad hackers Vietnam
• The 10 most famous hacks of all time