Last month, police asked professor Anil Jain to see if he could get past the fingerprint lock on a deceased man’s smartphone in order to aid their investigation.
On July 25, Jain and his team unlocked the phone.
The mission began when Andrew Rathbun, detective with the Michigan State University Police Department and part of the Digital Forensics and Cyber Crime Unit, heard from the Lansing Police Department. They wanted help unlocking a Samsung Galaxy S6 phone that supposedly contained important evidence.
Rathbun racked his brain trying to figure out how to unlock the phone to perform a forensic examination and analysis of the data extracted from the phone. He spent hours online researching options, and even called some vendors for help, but he kept on getting the same answer: the technology does not exist to access fingerprint-locked smartphones.
In another attempt to find answers, Rathbun Googled “spoof fingerprint” and, much to his surprise, came across Jain’s work.
After agreeing to attempt to unlock the phone, Jain and his team met with detectives who provided him supervised access to the deceased man’s phone and the man’s original ink fingerprints, which Jain used to create digital scans of the man’s fingerprints.
Jain then went to work with two of his team members, Kai Cao, a postdoctoral scholar and Sunpreet Arora, a PhD student.
The team printed both 2D and 3D replicas of all 10 of the homicide victim’s fingerprints, not knowing which finger the deceased may have used to lock the phone. Neither the 2D nor the 3D replicas unlocked the phone, and Jain’s team quickly realized that they had to improve the quality of the ink fingerprints provided by the detectives.
They decided to enhance the fingerprints digitally—actually fill in the broken ridges and valleys of the man’s prints—in order to improve the quality without wiping out any crucial details in the prints. Cao specially created the computer program used to do this enhancement.
Once they had enhanced the fingerprints of the deceased, Jain and his team printed new 2D versions of the prints with conductive ink needed to create an electrical circuit just like live fingerprints do. According to Jain, smartphone fingerprint readers require an electrical circuit to unlock, which is why severed fingers won’t unlock a phone.
“Lucky for us, this phone did not require a passcode after a fixed number of failed attempts with fingerprints,” Jain said. “This allowed us to try different digitally enhanced fingerprints.”
Jain then asked Detective Rathbun to bring the phone back to his lab for another attempt to unlock it. This time, it worked.
“All of us just looked at each other,” Jain says. “And then we all shouted ‘it worked’ and started giving each other high fives.” The detectives from both police departments were also thrilled.
“The reason we have fingerprint readers in phones is to increase the security of information stored in our phones,” Jain says. “We use our phones to make financial transactions and that information is important to keep private. My team is not in the business of hacking phones, but in the research side of the fingerprint technology.
“Hopefully, our ability to unlock this phone will motivate phone developers to create advanced security measures for fingerprint liveness detection.”
The next challenge, Jain says, will be to figure out passcodes.
Source: Michigan State University