Artificial fingerprints have been developed by researchers who say they could one day be used to hack into everyday devices. Researchers from New York University and Michigan State University successfully generated what they call “DeepMasterPrints” earlier this year.
These are machine-learning methods that act as a kind of “masterkey” which, the researchers claim, have the potential to unlock around one in three fingerprint-protected smartphones.
In the paper released in October, the authors said synthetic fingerprints could be “used by an adversary to launch an attack … that can compromise the security of a fingerprint-based recognition system.”
Philip Bontrager, Aditi Roy, Julian Togelius, Nasir Memon and Arun Ross, the researchers behind the study, said the way fingerprints were recognized on smartphones and other devices was often problematic.
Phones and many more devices don’t capture your entire fingerprint. There’s not enough space on the device, so they capture a partial fingerprint which is not as secure as the full image. (People assume) the device stitches images of their fingerprint together, but that’s not really what happens it keeps sets of partial fingerprints.
For each finger stored in place of a password, the device keeps multiple images. If someone then uses their finger to unlock that device, they only need to match one of the partial fingerprint images on its security system.
If you store images for three of your fingers the device may keep around 30 partial fingerprints,” the researchers said. “With MasterPrints you just have to create a few five or ten and I’m in business.
They added that this could unlock a “reasonably large” number of phones just under a third. “If every fifth phone works it would be a profitable scam,” they said.