Researchers Develop Master Fingerprints That Can Break Into Smartphones (digitaltrends.com)
Researchers at New York University and Michigan State University have recently found that the fingerprint sensor on your phone is not as safe as you think. "The team has developed a set of fake fingerprints that are digital composites of common features found in many people's fingerprints," reports Digital Trends. "Through computer simulations, they were able to achieve matches 65 percent of the time, though they estimate the scheme would be less successful in real life, on an actual phone." From the report: Nasir Memon, a computer science and engineering professor at New York University, explained the value of the study to The New York Times. Modern smartphones, tablets, and other computing devices that utilize biometric authentication typically only take snapshots of sections of a user's finger, to compose a model of one fingerprint. But the chances of faking your way into someone else's phone are much higher if there are multiple fingerprints recorded on that device. "It's as if you have 30 passwords and the attacker only has to match one," Memon said. The professor, who was one of three authors on the study, theorized that if it were possible to create a glove with five different composite fingerprints, the attacker would likely be successful with about half of their attempts. For the record, Apple reported to the Times that the chance of a false match through the iPhone's TouchID system is 1 in 50,000 with only one fingerprint recorded.
"they were able to achieve matches 65 percent of the time, though they estimate the scheme would be less successful in real life, on an actual phone."
So... much ado about nothing?
#DeleteChrome
Biometric authentication is a bad idea most of the time, because once someone managed to impersonate you, you cannot revoke authentication credentials: in other words, you cannot change your biometric fingerprint.
In other words, fingerprints can be replacements for usernames, not passwords! Identification, not authentication.
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz