Researchers Develop Master Fingerprints That Can Break Into Smartphones (digitaltrends.com) 29
Researchers at New York University and Michigan State University have recently found that the fingerprint sensor on your phone is not as safe as you think. "The team has developed a set of fake fingerprints that are digital composites of common features found in many people's fingerprints," reports Digital Trends. "Through computer simulations, they were able to achieve matches 65 percent of the time, though they estimate the scheme would be less successful in real life, on an actual phone." From the report: Nasir Memon, a computer science and engineering professor at New York University, explained the value of the study to The New York Times. Modern smartphones, tablets, and other computing devices that utilize biometric authentication typically only take a snapshots of sections of a user's finger, to compose a model of one fingerprint. But the chances of faking your way into someone else's phone are much higher if there are multiple fingerprints recorded on that device. "It's as if you have 30 passwords and the attacker only has to match one," Memon said. The professor, who was one of three authors on the study, theorized that if it were possible to create a glove with five different composite fingerprints, the attacker would likely be successful with about half of their attempts. For the record, Apple reported to the Times that the chance of a false match through the iPhone's TouchID system is 1 in 50,000 with only one fingerprint recorded.
Re: (Score:3)
Not quite. a fingerprint on andriod is like closing all the doors and windows with regular locks. someone can smash a window or pick a lock, but it does take some work.
it is no vault but then again the average person leave their wallet just lying around their home too.
Re: "though they estimate the scheme would be less (Score:3)
Maybe they did, and got awful results. Researchers play funny games with what they choose to publish or not publish.
Whaaaaat? (Score:4, Insightful)
"they were able to achieve matches 65 percent of the time, though they estimate the scheme would be less successful in real life, on an actual phone."
So... much ado about nothing?
Re: (Score:2)
Yeah, but she's faking it.
Re: (Score:1)
Would you be happy with a car that someone could start from a 'master key' 65% of the time? What about 33%, half that? Would you be fine with 10%?
The fact that a small set of fake fingerprints can unlock a third or more of all phones in the real world is a disaster for the pretense of using fingerprints as a security measure. It's not much ado about nothing - it's much ado about everything you are trying to protect.
Fingerprints are not secure. (Score:5, Interesting)
1) You leave perfect copies of them all around you.
2) Anyone that has possession of your body can instantly take them.
3) The police maintain huge records of many people's fingerprints and do NOT keep them secure.
4) You can not change it if it becomes compromised.
5) Sensors that detect them are not very accurate and make little if any attempt to prevent false copies (they don't check to see if they are body temperature or have the flexibility of human skin.
Re: (Score:3)
Nothing. Did you expect them to grow a beard or something?
Re:Fingerprints are not secure. (Score:5, Insightful)
In other words, fingerprints can be replacements for usernames, not passwords! Identification, not authentication.
Re: (Score:2)
Finally an insightful message and me lacking modpoints.
You have NO idea how hard it is to get this piece of information into management skulls.
Re: (Score:2)
Except I have far more than 10 (even 20 if you count toes) distinct usernames across various services that are not linkable to each other.
Re: (Score:2)
Hence my use of the word "can," not the word "should."
Re: (Score:1)
Actually, that's pretty good.
Who's going to enter a single digit for a password? Of course, *now* it'll be tried, but for average snoopers, that's pretty good.
Revoke credential (Score:5, Insightful)
65 percent... (Score:4, Funny)
Just so happens that my company iphone finger print sensor appears to be accurate about 65% of the time with *my* finger. If that's the success they're getting, I'd say they're doing pretty good.
Good (Score:2)
Maybe then people will stop using part of their body as an authentication tool.