Fingerprint security is viewed as one of the best methods of protecting devices. Fingerprints are more convenient than passwords. Every individual’s fingerprint is different. Computer scientists, however, have recently discovered how to generate false digital fingerprints capable of unlocking secured devices.
Scientists from Michigan State University and New York University have discovered a method of unlocking fingerprint secured devices. Many devices, such as the cell phones we use every day, rely on biometric data validation. The fake digital fingerprints, known as “DeepMasterPrints”, represent a major security issue.
These DeepMasterPrints are created by an artificial neural network. This network is a type of artificial intelligence that uses algorithms to mimic the ability of the human brain to recognize patterns. The system works by analyzing a series of human fingerprints. After it recognizes the most common features, they system generates an image based on the detected features. This image creates a “skeleton key” that can be used to exploit fingerprint secured devices.
DeepMasterPrints work by exploiting the main weakness of fingerprint secured devices- the fact that fingerprint sensors are very small. The sensors are only able to read part of a fingerprint’s image, then what the device captured is compared to a database of authorized prints. Because the device only reads part of a print, there are fewer features to recognize than a full print. This means that DeepMasterPrints only need to match a few features in order to pass as a complete fingerprint.
Computer scientists are constantly trying to recognize new security flaws and adapt technology to combat these flaws. Through the study developing DeepMasterPrints, scientists discovered that fingerprint secured devices represent a large security risk. The false fingerprints generated by the artificial neural network can imitate 23% of the fingerprints in the test database, even with the most strict match requirements. When tested with a slightly less strict match requirement still within the standards of typical phone security, the DeepMasterPrint passed as 77% of the test fingerprints.
Although the scientists did not actually create physical fake fingerprints and unlock phones outside of a virtual environment, the study involving DeepMasterPrints uncovered a major security risk. Fingerprints are typically viewed as one of the best methods of identity verification, meaning they are used for everything from verifying payment to opening secured entryways. The study creating the DeepMasterPrint system exposed the security flaws surrounding devices reliant on biometric data validation, and will help computer scientists to combat these security risks in the future.