A team of researchers from Guangzhou and Wuhan universities joined forces with American colleagues from Colorado State University to explore a surprising weakness in fingerprint security. Their findings show that fingerprints can be inferred by listening to the sound produced when a finger drags across a touchscreen. The results were shared through a global security conference portal and presented as part of the study on system vulnerabilities.
The attack relies on the audio signature generated by finger movements on a touch surface. In their tests, partial fingerprints could be recovered in about 28 percent of cases, while full fingerprint data was reconstructed in roughly 9 percent of trials. These numbers highlight a real risk that biometric data could leak through everyday device interactions if the right audio capture channel is available.
Biometric data of this kind can be exposed by any app that has access to a device microphone, including popular communication tools and video services such as Discord, Skype, and FaceTime. This broadens the potential vectors for a fingerprint leak beyond dedicated security apps to everyday software that users routinely install and use.
The researchers introduced an algorithm named PrintListener, designed to interpret raw audio signals produced by finger glides and taps on the screen. The method translates sound patterns into representations of the ridges and valleys that make up a fingerprint, enabling reconstruction of the print from audio traces.
Compared with existing approaches like MasterPrint, which rely on AI to generate fingerprints from a template library, PrintListener demonstrated greater effectiveness in decoding and rebuilding papillary patterns from acoustic data. This suggests that sound-based side channels could pose a more serious threat to biometric authentication than previously recognized.
As with any security research, the work sits in the broader context of cyber threats that exploit everyday technologies. Earlier incidents have shown how interconnected devices can become points of entry for attackers, underscoring the need for layered protections and careful control of microphone access across apps and platforms. The evolving landscape of biometric security calls for ongoing evaluation of how data is captured, stored, and protected, especially when it can be inferred from non-traditional channels like audio during ordinary interactions with devices.
Overall, the study emphasizes a shift in how practitioners think about protecting biometric data on mobile and desktop platforms, urging developers and policymakers to consider the implications of side-channel information and to reinforce defenses that reduce the risk of fingerprint reconstruction from incidental sounds. This line of inquiry continues to inform discussions about safer authentication methods and more resilient device ecosystems. [NDSS Symposium report attribution]