Researchers Create ‘Master Fingerprints’ to Unlock Phones

Researchers Create ‘Master Fingerprints’ to Unlock Phones

Biometric features like fingerprint sensors and iris scanners have made it easier to securely unlock phones, but they may never be as secure as a good old-fashioned password. Researchers have repeatedly worked out methods to impersonate registered users of biometric devices, but now a team from New York University and the University of Michigan has gone further. The team managed to create so-called “DeepMasterPrints” that can fool a sensor without a sample of the real user’s fingerprints.

Past attempts to bypass biometric systems usually involve getting access to a registered individual’s data — that could be a copy of their fingerprint or a 3D scan of their face. DeepMasterPrints involves generating an entirely new fingerprint from a mountain of data that’s close enough to fool the sensor. Like so many research projects these days, the team used neural networks to do the heavy lifting.

The process started with feeding fingerprints from 6,000 people into a neural network in order to train it on what a human fingerprint looks like. A neural network is composed of a series of nodes that process data. It feeds forward into additional “layers” of nodes if the output meets a certain threshold. Thus, you can train the network to get the desired output. In this case, the researchers used a “generative adversarial network” to tune the system’s ability to generate believable fingerprints. The network used its understanding of prints to make one from scratch, and then a second network would determine if they were real or fake. If the fingerprints didn’t pass muster, the network could be re-tuned to try again.

The original input data came in the form of both full “rolled” fingerprints that were inked on paper and images of fingerprints captured by capacitive sensors like the ones on phones. DeepMasterPrints was significantly better at faking the capacitive prints because those sensors don’t need to see your entire fingerprint. It’s not practical to roll your finger across a sensor every time you unlock your phone.

Examples of real (left) and fake (right) fingerprints.
Examples of real (left) and fake (right) fingerprints.

To test the master fingerprints, researchers used a capacitive sensor at three different security levels. At the highest level of security, the sensor would incorrectly match a print 0.01 percent of the time. At the middle level, the false match rate was 0.1 percent, and the lowest tier used a false match rate of 1 percent. At the lowest security level, the fake fingerprints fooled the sensor 76 percent of the time. It’s unlikely a real consumer device would be so permissive, though. The middle tier is more realistic, and the team was able to spoof the sensor 22 percent of the time. At the highest level, the fake prints only worked 1.2 percent of the time.

So, your fingerprint sensor might be less secure than you think. The researchers believe that engineers will have to implement new algorithms and hardware features to combat similar master fingerprint attacks.

Continue reading

Google CEO Promises to Investigate Exit of Top AI Researcher
Google CEO Promises to Investigate Exit of Top AI Researcher

Google CEO Sundar Pichai has waded into the furor surrounding the termination of AI ethicist Dr. Timnit Gebru, but his memo may not help the situation much.

Security Researcher: ‘solarwinds123’ Password Left Firm Vulnerable in 2019
Security Researcher: ‘solarwinds123’ Password Left Firm Vulnerable in 2019

SolarWinds, the company at the center of the massive hack that hit US government agencies and corporations, doesn't exactly use cutting-edge password techniques.

Researchers Develop Whitest Paint Ever to Combat Climate Change
Researchers Develop Whitest Paint Ever to Combat Climate Change

Aside from being a neat technical feat, the team believes the new white paint could help address climate change by saving loads of power.

Researchers: 2.5 Billion Tyrannosaurus Rexes Walked the Earth
Researchers: 2.5 Billion Tyrannosaurus Rexes Walked the Earth

A new analysis from the University of California Berkeley estimates that there were about 20,000 adult Tyrannosaurs at any given time during the Cretaceous period. Add that up over millions of years, and there could easily have been 2.5 billion of these dinosaurs in total.