artificial fingerprints capable of fooling a third of smartphones

The fingerprint reader has become a standard feature of many smartphones to secure unlocking and limit access to data from the mobile device.

However, most of the sensors are actually optical systems taking a photo of the fingerprint and comparing it to a reference to authenticate it and it is regularly shown that it is not very difficult to fool the devices.

Researchers from New York University and Michigan State went further by developing a system DeepMasterPrints which prides itself on functioning as a universal pass capable of unlocking a significant number of smartphones.

Using deep learning techniques, the system also takes advantage of the fact that comparative fingerprints on smartphones are often partial fingerprints, much easier to reproduce than full fingerprints but which allow to obtain analysis times (and therefore unlocking) fast.

DeepMasterPrints 02

For each fingerprint, several images of the partial fingerprint are stored and if the tested fingerprint is validated for a small number of these references, the smartphone is unlocked, explain the researchers, while verifying the full fingerprint would require a comparison with several dozen partial images, at the cost of a much longer processing time.

The DeepMasterPrints tool is in principle capable of creating artificial fingerprints capable of unlocking just under a third of smartphones on the market, but for researchers, a success rate of more than 20% is already a serious threat to the security of fingerprint readers on smartphones, supposed to guarantee an error rate of 1/1000.

DeepMasterPrints 01

The method aims above all to allow manufacturers of fingerprint reading modules to improve. Some systems are more fragile than others, such as the fingerprint reader housed in the on / off button on the edge, thin and discreet, but can only recover a very partial fingerprint (hardly more than a quarter of the total footprint).

The DeepMasterPrints technique also takes advantage of the fact that certain patterns of fingerprints are found more frequently than others, making it possible to create models more likely to cause unlocking, even without knowing the characteristics of the reference fingerprint.

This is where training the system through neural networks can help create universal fingerprints with characteristics that may correspond to certain partial images saved on the smartphone.

Used for malicious purposes, such a technique would not specifically target an individual but would rather seek to gain access to a large number of mobile devices.