Friday, May 12, 2017

Could a master fingerprint unlock your mobile device?



No two people are believed to have the matching fingerprints, but could similarities between partial prints be enough to pass the security check on your smartphone or mobile device?

Fingerprint authentication sensors on smartphones are small and only capture a partial print. Also, many smartphones allow users to save several prints to be used for verification. Identity is confirmed when any of these prints is found to be a match.

Nasir Memon, a professor at New York University Tandon School of Engineering, leads a research team that decided to try and see if a master fingerprint could be created that would be good enough to fool current commercial fingerprint verification sensors and software.

Using a sample of 8200 partial prints, Nasir’s team found an average of 92 potential MasterPrints for every randomly sampled batch 800 partial prints. They found just 1 potential MasterPrint out of every randomly samples batch of 800 full prints. (A MasterPrint was defined as a print that would match about 4% of the prints in a random batch of 800.) It was evident that a partial print fingerprint reader had a much greater chance of being spoofed than a full print reader. 

With their created MasterPrints, the team reported successful matches with 26 to 65% of users, depending on how many partial prints were stored on the device, and how many log-in attempts were allowed. In comparison, a hacker trying the number 1-2-3-4 has about a 4% chance of successfully logging in to a random smartphone by PIN number.

The researchers emphasize that their testing was done is a synthetic environment, but their research led them to a couple recommendations. Their high matching results reinforce the need for a multi-factor authentication system. Also, fingerprint sensors on smartphones and mobile devices would benefit by having improved resolution to capture additional fingerprint features. If the resolution is not improved, it’s possible that a users prints can be compromised, and thus the security of the smartphone.


Biometric securityPartial fingerprints sufficient to trick biometric security systems on smartphones 


Published April 12, 2017 on Homeland Security News Wire


No comments:

Post a Comment