Researchers Create ‘Master Fingerprints’ to Unlock Phones

Researchers Create ‘Master Fingerprints’ to Unlock Phones

Biometric features like fingerprint sensors and iris scanners have made it easier to securely unlock phones, but they may never be as secure as a good old-fashioned password. Researchers have repeatedly worked out methods to impersonate registered users of biometric devices, but now a team from New York University and the University of Michigan has gone further. The team managed to create so-called “DeepMasterPrints” that can fool a sensor without a sample of the real user’s fingerprints.

Past attempts to bypass biometric systems usually involve getting access to a registered individual’s data — that could be a copy of their fingerprint or a 3D scan of their face. DeepMasterPrints involves generating an entirely new fingerprint from a mountain of data that’s close enough to fool the sensor. Like so many research projects these days, the team used neural networks to do the heavy lifting.

The process started with feeding fingerprints from 6,000 people into a neural network in order to train it on what a human fingerprint looks like. A neural network is composed of a series of nodes that process data. It feeds forward into additional “layers” of nodes if the output meets a certain threshold. Thus, you can train the network to get the desired output. In this case, the researchers used a “generative adversarial network” to tune the system’s ability to generate believable fingerprints. The network used its understanding of prints to make one from scratch, and then a second network would determine if they were real or fake. If the fingerprints didn’t pass muster, the network could be re-tuned to try again.

The original input data came in the form of both full “rolled” fingerprints that were inked on paper and images of fingerprints captured by capacitive sensors like the ones on phones. DeepMasterPrints was significantly better at faking the capacitive prints because those sensors don’t need to see your entire fingerprint. It’s not practical to roll your finger across a sensor every time you unlock your phone.

Examples of real (left) and fake (right) fingerprints.
Examples of real (left) and fake (right) fingerprints.

To test the master fingerprints, researchers used a capacitive sensor at three different security levels. At the highest level of security, the sensor would incorrectly match a print 0.01 percent of the time. At the middle level, the false match rate was 0.1 percent, and the lowest tier used a false match rate of 1 percent. At the lowest security level, the fake fingerprints fooled the sensor 76 percent of the time. It’s unlikely a real consumer device would be so permissive, though. The middle tier is more realistic, and the team was able to spoof the sensor 22 percent of the time. At the highest level, the fake prints only worked 1.2 percent of the time.

So, your fingerprint sensor might be less secure than you think. The researchers believe that engineers will have to implement new algorithms and hardware features to combat similar master fingerprint attacks.

Continue reading

Third-Party Repair Shops May Be Blocked From Servicing iPhone 12 Camera
Third-Party Repair Shops May Be Blocked From Servicing iPhone 12 Camera

According to a recent iFixit report, Apple's hostility to the right of repair has hit new heights with the iPhone 12 and iPhone 12 Pro.

Oppo Shows Off Concept Phone With Stretchable OLED Screen
Oppo Shows Off Concept Phone With Stretchable OLED Screen

Oppo has revealed a concept phone with a "continuously variable OLED display" that changes size in your hand to move between tablet and phone-like form factors.

Nvidia, Google to Support Cloud Gaming on iPhone Via Web Apps
Nvidia, Google to Support Cloud Gaming on iPhone Via Web Apps

Both Nvidia and Google have announced iOS support for their respective cloud gaming platforms via progressive web applications. Apple can't block that.

Qualcomm’s New Snapdragon 888 Will Power Flagship Android Phones in 2021
Qualcomm’s New Snapdragon 888 Will Power Flagship Android Phones in 2021

The 888 comes with a new CPU design, integrated 5G, and a massive GPU boost. It's shaping up to be the most significant update to Qualcomm's flagship system-on-a-chip (SoC) in years.