Mainstream Home-Grown Handsets Have Fingerprint Unlocking Loophole; Over 100 Million Cell Phones Could be Affected, Says Report
Zhang Xia
DATE: Dec 01 2017 / SOURCE: Yicai

(Yicai Global) Dec. 1 -- A single piece of film can make your fingerprint lock useless, a problem that affects almost all the mainstream domestic handset makers. This major security loophole is not just a design flaw of individual chip makers but a possible industry-wide problem with mobile phones' fingerprint recognition function, people in the industry said. By a conservative estimate, at least hundreds of millions of handsets will be affected, which could make this the security incident affecting the largest number of devices in the mobile phone industry, technology media outlet IT Times reported.

Fingerprint chip maker Suzhou Micro Array Microelectronics Co. released a video on Nov. 21. In the video, an operator registered a fingerprint on a cell phone of a well-known domestic brand and then attached a piece of film to the area on the rear where users unlock the phone with their fingerprints. After the handset had been unlocked several times with the pre-registered fingerprint, it could be unlocked with any other, unregistered fingerprint.

Fingerprint recognition has become very popular in the market since its introduction. Some 870 million smartphones with a fingerprint recognition function have been shipped globally this year, according to Sigmaintell Consulting Co.

Is the film made of special materials? "No, it is just ordinary adhesive tape, and there is nothing special about it," said Li Yangyuan, chairman of Micro Array, adding that the purpose of attaching a piece of film is just to let a certain material be seamlessly attached to the unlocking area. "This is not a special material. Everyone can buy it, and everyone can operate it. More crucially, a number of well-known domestic handset brands have this loophole."

To verify Li's argument, IT Times tested phones manufactured by several domestic handset makers, including Huawei Technologies Co., Xiaomi Inc., Guangdong Oppo Mobile Telecommunications Corp. (Oppo) and Vivo Mobile Telecommunications Corp., and found that this loophole does exist.

"Fingerprint chips used in the mobile phone industry adopt a whole-image matching algorithm and are characterized by their self-learning function. As fingerprint images may differ due to the intensity of the press and the wetness or dryness of the fingers, fingerprint chips need to keep learning new traits and update new images to ensure the recognition and pass rate," insiders explained. Though the self-learning function has helped improve the pass rate of fingerprints in various situations, it also carries a huge risk: such chips will accept fingerprint images as long as they include parts that are consistent with the registered images, without distinguishing whether the inconsistent parts are due to human interference.

Insiders estimate that at least 100 million handsets are affected. "The whole-image identification algorithm has become the top choice of fingerprint chip makers since 2015 because of its fast unlocking speed, high pass rate and good user experience. It is very likely that mobile phones released then already had the loophole."

However, this loophole can be closed. All the existing problems arise because manufacturers do not determine authenticity based on fingerprint characteristics but treat fingerprints as ordinary images, insiders said. For example, some cell phones even accept orange peel as a registered fingerprint. If manufacturers can use software to accurately identify whether the pressed image is a fingerprint or not, then all the problems will be solved. This is not difficult for manufacturers, and they can come up with a solution in one to two weeks.
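The self-learning weakness and the proposed fix can be seen in a simplified model, added here as an illustration and not taken from any chip maker's code. Features are abstract labels, and `THRESHOLD`, `MAX_TEMPLATES`, the `Matcher` class and the `ridge_only` filter (standing in for the "is this a fingerprint?" check) are assumptions.

```python
# Toy model (constructed for illustration): a capture is a set of abstract
# features tagged "ridge" (finger detail) or "static" (pattern on the film).
THRESHOLD = 6       # assumed: overlapping features needed to accept
MAX_TEMPLATES = 8   # assumed: how many learned images the sensor keeps


def feats(kind, ids):
    return {(kind, i) for i in ids}


class Matcher:
    def __init__(self, enrolled, ridge_only=False):
        self.ridge_only = ridge_only
        self.templates = [self._view(enrolled)]

    def _view(self, capture):
        # Hardened mode: keep only what a (hypothetical) classifier accepts
        # as fingerprint detail before matching or learning.
        if self.ridge_only:
            return {f for f in capture if f[0] == "ridge"}
        return set(capture)

    def unlock(self, capture):
        img = self._view(capture)
        ok = any(len(img & t) >= THRESHOLD for t in self.templates)
        if ok and len(self.templates) < MAX_TEMPLATES:
            self.templates.append(img)   # self-learning: store the new image
        return ok


FINGER_A = feats("ridge", range(0, 20))     # enrolled user (constructed)
FINGER_B = feats("ridge", range(100, 120))  # unregistered finger (constructed)
FILM = feats("static", range(0, 10))        # same pattern in every capture


def simulate(ridge_only):
    m = Matcher(FINGER_A, ridge_only)
    before = m.unlock(FINGER_B | FILM)               # stranger, fresh template
    learned = all([m.unlock(FINGER_A | FILM) for _ in range(3)])
    after = m.unlock(FINGER_B | FILM)                # stranger, after learning
    return before, learned, after


if __name__ == "__main__":
    print("image matcher :", simulate(False))
    print("ridge-only    :", simulate(True))
```

In the image-matching mode the static pattern is absorbed into the learned templates and the unregistered finger is accepted afterwards; with the ridge-only filter the templates never contain it and the same capture is rejected.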

IT Times notified several domestic handset makers. Oppo replied that its engineers are already testing devices and will fix the loophole as quickly as possible.

Keywords:   Mobile Phone,Fingerprint Identification