While we are writing this news we look at all the keys of the notebook against the light, and we realize that, clearly visible, on each key there is a complete fingerprint.

Kraken Security has published an article on its blog that explains how it is possible, in a very short time, to replicate a fingerprint and use it to unlock any device, from smartphones to PCs.

Fingerprints, according to the site that deals with security, they are more practical than safe, because they cannot in any way protect a password or an alphanumeric pin subscribed to a two-factor control system as it does. Passwords are obviously excluded “Foo” And “1 2 3 4 5 6“.

The Kraken Security Labs Team pointed out that an attacker must not even get into possession of an object on which we have left a footprint, a photo is enough to work for a few minutes with Photoshop. If the impression is clear it takes very little time, if it is not you have to work a little.

What you can get from Photoshop is a good negative imprint, which is enough to print on an acetate sheet with the laser printer to obtain, thanks to the toner, a three-dimensional structure of our imprint fixed on the sheet.

At this point, a little bit of vinyl wood glue is enough to make a copy, exactly as seen in the movies. Products within everyone’s reach, which do not require scientific or even particular techniques: they are a few euros of material.

This technique is particularly effective with electronic devices, because compared to a classic fingerprint scanner, the analysis is much faster and therefore also imprecise.

Today almost no device carries out an analysis on the entire footprint, they only check some areas and even if one part fails, maybe the photo is bad, the device is unlocked anyway. The solution would be a much more precise control, but a phone would take too long to unlock: we have said it a thousand times, fast unlock often also means little security and is not always a positive thing. Indeed, a slow but more accurate release in the control could be positive.

The advice is simple: don’t rely on fingerprints alone, just as you don’t have to rely on passwords alone. Kraken suggests two-factor authentication, however this solution is almost never adopted when the fingerprint reader is used.

Home banking apps, and those for cashless payments, tend to trust only the footprint. Kraken proves that they are bad.