Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Cellphones Security Software Hardware Science Technology

Researchers Develop Master Fingerprints That Can Break Into Smartphones (digitaltrends.com) 29

Researchers at New York University and Michigan State University have recently found that the fingerprint sensor on your phone is not as safe as you think. "The team has developed a set of fake fingerprints that are digital composites of common features found in many people's fingerprints," reports Digital Trends. "Through computer simulations, they were able to achieve matches 65 percent of the time, though they estimate the scheme would be less successful in real life, on an actual phone." From the report: Nasir Memon, a computer science and engineering professor at New York University, explained the value of the study to The New York Times. Modern smartphones, tablets, and other computing devices that utilize biometric authentication typically only take a snapshots of sections of a user's finger, to compose a model of one fingerprint. But the chances of faking your way into someone else's phone are much higher if there are multiple fingerprints recorded on that device. "It's as if you have 30 passwords and the attacker only has to match one," Memon said. The professor, who was one of three authors on the study, theorized that if it were possible to create a glove with five different composite fingerprints, the attacker would likely be successful with about half of their attempts. For the record, Apple reported to the Times that the chance of a false match through the iPhone's TouchID system is 1 in 50,000 with only one fingerprint recorded.
This discussion has been archived. No new comments can be posted.

Researchers Develop Master Fingerprints That Can Break Into Smartphones

Comments Filter:
  • Whaaaaat? (Score:4, Insightful)

    by 93 Escort Wagon ( 326346 ) on Thursday April 13, 2017 @07:27PM (#54231675)

    "they were able to achieve matches 65 percent of the time, though they estimate the scheme would be less successful in real life, on an actual phone."

    So... much ado about nothing?

    • by Anonymous Coward

      Would you be happy with a car that someone could start from a 'master key' 65% of the time? What about 33%, half that? Would you be fine with 10%?

      The fact that a small set of fake fingerprints can unlock a third or more of all phones in the real world is a disaster for the pretense of using fingerprints as a security measure. It's not much ado about nothing - it's much ado about everything you are trying to protect.

  • by gurps_npc ( 621217 ) on Thursday April 13, 2017 @07:45PM (#54231749) Homepage

    1) You leave perfect copies of them all around you.

    2) Anyone that has possession of your body can instantly take them.

    3) The police maintain huge records of many people's fingerprints and do NOT keep them secure.

    4) You can not change it if it becomes compromised.

    5) Sensors that detect them are not very accurate and make little if any attempt to prevent false copies (they don't check to see if they are body temperature or have the flexibility of human skin.

  • Revoke credential (Score:5, Insightful)

    by manu0601 ( 2221348 ) on Thursday April 13, 2017 @09:20PM (#54232181)
    Biometric authentication is a bad idea most of the time,because once someone managed to impersonate you, you cannot revoke authentication credentials: in other words, you cannot change your biometric fingerprint.
  • by roc97007 ( 608802 ) on Thursday April 13, 2017 @09:26PM (#54232199) Journal

    Just so happens that my company iphone finger print sensor appears to be accurate about 65% of the time with *my* finger. If that's the success they're getting, I'd say they're doing pretty good.

  • Maybe then people will stop using part of their body as an authentication tool.

Truth is free, but information costs.

Working...