A research team has found that so-called “masterprints” can successfully defeat fingerprint sensors on certain smartphones.
Departments at the New York University and Michigan State University created fingerprints digitally composed of many common features found in human prints, reported the New York Times.
Called masterprints, these were then used for presentation attackes on phones, with the team saying it could match real prints similar to those used by phones as much as 65 percent of the time.
“It’s almost certainly not as worrisome as presented, but it’s almost certainly pretty darn bad,” said Andy Adler, a professor of systems and computer engineering at Carleton University in Canada, who studies biometric security systems, told the newspaper. “If all I want to do is take your phone and use your Apple Pay to buy stuff, if I can get into 1 in 10 phones, that’s not bad odds.”
“It’s as if you have 30 passwords and the attacker only has to match one,” said Nasir Memon, a professor of computer science and engineering at N.Y.U.’s Tandon School of Engineering, who is one of three authors of the study, which was published in IEEE Transactions on Information Forensics and Security. The other authors are Aditi Roy, a postdoctoral fellow at N.Y.U.’s Tandon School, and Arun Ross, a professor of computer science and engineering at Michigan State.
Stephanie Schuckers, a professor at Clarkson University and director of the Center for Identification Technology Research, noted that the researchers used a midrange, commercially available software program that was designed to match full fingerprints, limiting the broader applicability of their findings.
“To really know what the impact would be on a cellphone, you’d have to try it on the cellphone,” she said.
She also noted that cellphone makers and others who use fingerprint security systems are studying anti-spoofing techniques to detect the presence of a real finger, such as looking for perspiration or examining patterns in deeper layers of skin. A new fingerprint sensor from Qualcomm, for example, uses ultrasound.
EmoticonEmoticon