OnePlus 7 Pro Fingerprint Reader Hacked In Matter Of Minutes

• 
  Share to facebook
  
  
• 
  Share to twitter
  
  
• 
  Share to linkedin
  
  

The new OnePlus 7 Pro is a stunning phone, of that there can be little doubt. The pop-up camera and all-screen display with a great refresh rate show that OnePlus is still pushing forward with the form and functionality of its devices. One area where it has been pretty static is device security though, and so it should come as no surprise that someone has already managed to hack the fingerprint reader. Which doesn't necessarily mean that you should be running around the room pulling your hair out, the ability to hack the fingerprint security lock and the opportunity to exploit this ability are two very different things.

OnePlus 7 Pro biometrics

The fingerprint sensor is the same optical "under the screen" one that users of the OnePlus 6T will already be very used to. This is no bad thing as far as accuracy and speed are concerned; the OnePlus 7 Pro has one of the fastest finger to phone unlock routines I have seen, coupled with a decent target area meaning your finger (or thumb) will hit a lot more than miss. Indeed, Forbes contributor Ewan Spence says he will "be using the fingerprint unlocking a lot more on the 7 Pro than the 6T" as the pop-up camera makes facial recognition too slow by comparison. I am not suggesting he, or you, should change your mind in light of the revelation that the fingerprint reader can be fooled pretty easily.

The fingerprint hack explained

Earlier this week a video appeared on the Max Tech YouTube channel that showed how easily the OnePlus 7 Pro fingerprint reader could be fooled and the device unlocked using just a hot-glue gun, tinfoil and some white school glue. This methodology is nothing new, truth be told, and similar print molding techniques have fooled many a biometric security system in the past. The Chaos Computer Club (CCC) famously bypassed the iPhone 5S Touch ID system back in 2013 by photographing a fingerprint, laser-printing to a transparent sheet using a thick toner laying over this with latex milk to produce a fake finger. The Max Tech method was even easier and a lot quicker; from finger to phone access was accomplished in a matter of minutes. It involves putting a blob of hot-glue onto some tinfoil, wetting your finger and dabbing it into the glue to make an impression and then filling over the top with some white school glue. As soon as the white glue dries, which only takes minutes, this is carefully peeled away to reveal a fake fingerprint that can be used to successfully and instantly unlock the OnePlus 7 Pro time and time again. The cloned fingerprint could also open a OnePlus 6T but didn't fool the ultrasonic reader used by the Samsung S10. Not that the Samsung S10 cannot be fooled, as I reported here on Forbes back in March.

Why it really doesn't matter that much

Across the years I have seen fingerprints cloned using everything from clay to Gummi Bear sweets. Yet I still use the fingerprint reader on my phone as the primary unlock method. Am I mad? Nope, I am just realistic. As ethical hacker John Opdenakker told me earlier today, "it sounds very scary because this attack could give criminals access to your entire digital life. But it would be very difficult to realize because it requires a fingerprint of the victim and physical access to the device." And there is the reason I still use fingerprint unlocking and so should you. For the hack to be effective the attacker would have to not only already have physical access to your OnePlus 7 Pro device but to your finger as well. Why bother forcing you to dab your finger in hot glue when they could just as easily force you to dab it onto the phone screen instead? My advice is to keep on using that OnePlus 7 Pro fingerprint biometric to unlock your phone. It provides ample security for most use cases and the risk of someone being able to bypass it is very small for the vast majority of people. Oh, and if anyone asks you to just pop your finger into a blob of hot glue, politely decline...

I asked OnePlus for comment regarding this fingerprint reader hack but had not heard back by the time of publication. If this changes I will update the story accordingly.

">

The new OnePlus 7 Pro is a stunning phone, of that there can be little doubt. The pop-up camera and all-screen display with a great refresh rate show that OnePlus is still pushing forward with the form and functionality of its devices. One area where it has been pretty static is device security though, and so it should come as no surprise that someone has already managed to hack the fingerprint reader. Which doesn't necessarily mean that you should be running around the room pulling your hair out, the ability to hack the fingerprint security lock and the opportunity to exploit this ability are two very different things.

OnePlus 7 Pro biometrics

The fingerprint sensor is the same optical "under the screen" one that users of the OnePlus 6T will already be very used to. This is no bad thing as far as accuracy and speed are concerned; the OnePlus 7 Pro has one of the fastest finger to phone unlock routines I have seen, coupled with a decent target area meaning your finger (or thumb) will hit a lot more than miss. Indeed, Forbes contributor Ewan Spence says he will "be using the fingerprint unlocking a lot more on the 7 Pro than the 6T" as the pop-up camera makes facial recognition too slow by comparison. I am not suggesting he, or you, should change your mind in light of the revelation that the fingerprint reader can be fooled pretty easily.

The fingerprint hack explained

Earlier this week a video appeared on the Max Tech YouTube channel that showed how easily the OnePlus 7 Pro fingerprint reader could be fooled and the device unlocked using just a hot-glue gun, tinfoil and some white school glue. This methodology is nothing new, truth be told, and similar print molding techniques have fooled many a biometric security system in the past. The Chaos Computer Club (CCC) famously bypassed the iPhone 5S Touch ID system back in 2013 by photographing a fingerprint, laser-printing to a transparent sheet using a thick toner laying over this with latex milk to produce a fake finger. The Max Tech method was even easier and a lot quicker; from finger to phone access was accomplished in a matter of minutes. It involves putting a blob of hot-glue onto some tinfoil, wetting your finger and dabbing it into the glue to make an impression and then filling over the top with some white school glue. As soon as the white glue dries, which only takes minutes, this is carefully peeled away to reveal a fake fingerprint that can be used to successfully and instantly unlock the OnePlus 7 Pro time and time again. The cloned fingerprint could also open a OnePlus 6T but didn't fool the ultrasonic reader used by the Samsung S10. Not that the Samsung S10 cannot be fooled, as I reported here on Forbes back in March.

Why it really doesn't matter that much

Across the years I have seen fingerprints cloned using everything from clay to Gummi Bear sweets. Yet I still use the fingerprint reader on my phone as the primary unlock method. Am I mad? Nope, I am just realistic. As ethical hacker John Opdenakker told me earlier today, "it sounds very scary because this attack could give criminals access to your entire digital life. But it would be very difficult to realize because it requires a fingerprint of the victim and physical access to the device." And there is the reason I still use fingerprint unlocking and so should you. For the hack to be effective the attacker would have to not only already have physical access to your OnePlus 7 Pro device but to your finger as well. Why bother forcing you to dab your finger in hot glue when they could just as easily force you to dab it onto the phone screen instead? My advice is to keep on using that OnePlus 7 Pro fingerprint biometric to unlock your phone. It provides ample security for most use cases and the risk of someone being able to bypass it is very small for the vast majority of people. Oh, and if anyone asks you to just pop your finger into a blob of hot glue, politely decline...

I asked OnePlus for comment regarding this fingerprint reader hack but had not heard back by the time of publication. If this changes I will update the story accordingly.