EM Fingerprints: Attack In-Display Fingerprint Sensors via Electromagnetic (EM) Side Channel
Recently, in-display fingerprint sensors have been widely adopted in newly-released smartphones. However, we find this new technique can leak information about the user’s fingerprints during a screen-unlocking process via the electromagnetic (EM) side channel that can be exploited for fingerprint recovery. We propose FPLogger to demonstrate the feasibility of this novel side-channel attack. Specifically, it leverages the emitted EM emanations whe the user presses the in-display fingerprint sensor to extract fingerprint information, then maps the captured EM signals to fingerprint images and develops 3D fingerprint pieces to spoof and unlock the smartphones.
@inproceedings{ni2023recovering,
title={Recovering Fingerprints from In-Display Fingerprint Sensors via Electromagnetic Side Channel},
author={Ni, Tao and Zhang, Xiaokuan and Zhao, Qingchuan},
booktitle={Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security},
pages={253--267},
year={2023}
}Recent News
-
- [Mar. 2024] Samsung Mobile Security and Xiaomi have assigned security analysts to assess FPLogger vulnerability for further discussion.
- [Nov. 2023] Our vulnerability reports were acknowledged by smartphone vendors, including Samsung, Xiaomi, OPPO, and OnePlus!
- [Oct. 2023] GOODiX contacts us for future collaboration regarding this vulnerability.
- [Aug. 2023] Our paper has been accpeted by ACM CCS 2023!
- [May 2023] Our paper has been submitted to ACM CCS 2023 (Round 2).
Demo of Attacks
Attack OnePlus 10 Pro
Attack Redmi K20 Pro
Ethical Consideration
We take ethical considerations seriously. Since fingerprints are very sensitive biometric information, illegally collecting from human participants may cause severe consequences and violate laws. Therefore, as a proof-of-concept work, we construct 3D fingerprints from real fingerprint images through 3D printing technique. 
All fingerprint pieces are built via a 3D printer using fingerprint images from a
public dataset for scientific research (SOCOFing), and these pieces are only used for fingerprint registration and unlocking the smartphone to collect EM emanations for empirical evaluations.
Public Fingerprint Dataset SOCOFing
Sokoto Coventry Fingerprint Dataset (SOCOFing) is a biometric fingerprint database designed for academic research purposes. SOCOFing contains 6,000 fingerprint images from 600 African subjects and contains unique attributes such as labels for gender, hand and finger name as well as synthetically altered versions with three different levels of alteration for obliteration, central rotation, and z-cut.
Appendix A - Notations in ASE Feature Extraction
| Notation | Description | Setting |
|---|---|---|
| f | Sampling frequency | 20kHz |
| rf | Resolution of target fingerprint images | 64dpi |
| i, j | Starting and ending indices of a signal frame | 0, 1, 2, ... |
| e i,j(t) | Envelope data between i and j at time t | i+0.001f=j |
| eL i, j(t) and eU i, j(t) | Lower bound and upper bound of e i, j(t) | i+0.001f=j |
| eF i, j(t) | Extracted ase feature from e i, j(t) | i+0.001f=j |
| nF and lF | Segments and length of the moving binning window | -, 0.002 |
Appendix B - Smartphones with In-Display Fingerprint Sensors
| Commodity Smartphone | Optical-based | Ultrasonic-based |
|---|---|---|
| OnePlus 10 Pro | ✔ | ✘ |
| OPPO A96 | ✔ | ✘ |
| Xiaomi Redmi K20 Pro | ✔ | ✘ |
| Huawei P30 Pro | ✔ | ✘ |
| OnePlus Nord 2T | ✔ | ✘ |
| Realme GT 2 Pro 5G | ✔ | ✘ |
| OPPO Reno 8 Pro | ✔ | ✘ |
| Google Pixel 6a | ✔ | ✘ |
| Vivo V25 Pro 5G | ✔ | ✘ |
| Moto G72 | ✔ | ✘ |
| Honor Magic 2 | ✔ | ✘ |
| Meizu 16 Plus | ✔ | ✘ |
| Huawei Mate 20 Pro | ✔ | ✘ |
| Vivo V11 Pro | ✔ | ✘ |
| Lenovo Z5 Pro | ✔ | ✘ |
| OPPO R17 Neo | ✔ | ✘ |
| Google Pixel 7 Pro | ✔ | ✘ |
| Samsung Galaxy S10 | ✘ | ✔ |
| Samsung Galaxy S22 | ✘ | ✔ |
| iQOO 9 Pro | ✘ | ✔ |
Appendix C - Comparison Table
Relevant side-channel attacks on different smartphone unlocking systems. FPLogger is the first work to attack in-display fingerprint sensors in newly-released smartphones.