Researchers Create ‘Master Fingerprints’ to Unlock Phones

Researchers Create ‘Master Fingerprints’ to Unlock Phones

Biometric features like fingerprint sensors and iris scanners have made it easier to securely unlock phones, but they may never be as secure as a good old-fashioned password. Researchers have repeatedly worked out methods to impersonate registered users of biometric devices, but now a team from New York University and the University of Michigan has gone further. The team managed to create so-called “DeepMasterPrints” that can fool a sensor without a sample of the real user’s fingerprints.

Past attempts to bypass biometric systems usually involve getting access to a registered individual’s data — that could be a copy of their fingerprint or a 3D scan of their face. DeepMasterPrints involves generating an entirely new fingerprint from a mountain of data that’s close enough to fool the sensor. Like so many research projects these days, the team used neural networks to do the heavy lifting.

The process started with feeding fingerprints from 6,000 people into a neural network in order to train it on what a human fingerprint looks like. A neural network is composed of a series of nodes that process data. It feeds forward into additional “layers” of nodes if the output meets a certain threshold. Thus, you can train the network to get the desired output. In this case, the researchers used a “generative adversarial network” to tune the system’s ability to generate believable fingerprints. The network used its understanding of prints to make one from scratch, and then a second network would determine if they were real or fake. If the fingerprints didn’t pass muster, the network could be re-tuned to try again.

The original input data came in the form of both full “rolled” fingerprints that were inked on paper and images of fingerprints captured by capacitive sensors like the ones on phones. DeepMasterPrints was significantly better at faking the capacitive prints because those sensors don’t need to see your entire fingerprint. It’s not practical to roll your finger across a sensor every time you unlock your phone.

Examples of real (left) and fake (right) fingerprints.
Examples of real (left) and fake (right) fingerprints.

To test the master fingerprints, researchers used a capacitive sensor at three different security levels. At the highest level of security, the sensor would incorrectly match a print 0.01 percent of the time. At the middle level, the false match rate was 0.1 percent, and the lowest tier used a false match rate of 1 percent. At the lowest security level, the fake fingerprints fooled the sensor 76 percent of the time. It’s unlikely a real consumer device would be so permissive, though. The middle tier is more realistic, and the team was able to spoof the sensor 22 percent of the time. At the highest level, the fake prints only worked 1.2 percent of the time.

So, your fingerprint sensor might be less secure than you think. The researchers believe that engineers will have to implement new algorithms and hardware features to combat similar master fingerprint attacks.

Continue reading

Sony Will Unlock the PS5’s Expandable Storage by This Summer
Sony Will Unlock the PS5’s Expandable Storage by This Summer

The PlayStation 5 will finally be able to boost its internal capacity this summer, with M.2 drive support arriving along with new fan profile updates.

Alder Lake Extravaganza: Intel Unloads Details on its Next-Gen CPU
Alder Lake Extravaganza: Intel Unloads Details on its Next-Gen CPU

Intel's desktop CPUs have been stuck on 14nm for over six years now, and the cracks in that process node have been showing for at least two. The manufacturer was finally ready to share details on Alder Lake, Gracemont, and Golden Cove with us, and it had a lot to talk about.

Samsung Breaks the Galaxy Z Fold3’s Cameras If You Unlock the Bootloader
Samsung Breaks the Galaxy Z Fold3’s Cameras If You Unlock the Bootloader

Unlocking allows you to root a phone and make changes to the core software. Naturally, most device makers discourage this behavior, but Samsung's setup on the Fold3 is downright hostile to modders.

Oculus Gives Discontinued Oculus Go a New Lease on Life with Unlocked Software
Oculus Gives Discontinued Oculus Go a New Lease on Life with Unlocked Software

The release of the Oculus Go in 2018 was an important step for Facebook's Virtual Reality division, but the product was short-lived. After being made obsolete by the Oculus Quest, the company discontinued the Go in 2020. Still, Facebook sold millions of the standalone headsets, and now they're more capable thanks to an unlocked software update.