The fingerprint reader on your phone may not be as secure as you think

I love using the fingerprint scanner on my phone. When I’m trying to pull up a recipe while cooking or have a drink in my hand, it makes getting into my phone simple while keeping it secure. But it seems that it may not be as secure as we think. The same way that people have been able to fool face-recognition sensors with facsimiles of faces, researchers have developed a set of “master” fingerprints – like a master key – that shows some flaws in the process.

Researchers at the University of Michigan have developed a set of fake digital fingerprints that put together the common features found in many fingerprints.

With these digital composites, the team was able to get matches 65 percent of the time in their simulation. This is just a simulation, and the New York Times says that experts think the process would be less successful in the real world, but it does still introduce a worry.

Matching snapshots

While no two fingerprints are exactly alike, there are patterns, and our phones read our prints by comparing them to snapshots of parts of our fingers. So the print stored on your phone is a collection of tiny partial prints rather than a scan of a full print, and those little pieces are more similar to one another than full prints are.

Dr. Nasir Memon, a professor at NYU’s Tandon School of Engineering and one of three authors of the study, believes that if one could print a glove with the so-called MasterPrints on it, 40-50 percent of iPhones could be accessed within the 5 tries allowed before the password prompt pops up.

The potential ramifications of this will be hard to guess at until these studies start putting physical prints against physical phones, but Memon said the risk drops as you have fewer prints included on the phone. More prints stored means more snapshots and more potential matches.

There’s not much to worry about quite yet, but maybe our phones should have multi-factor authentication as well.
