I have enjoyed the convenience of simply placing my thumb or index finger on my iPhone’s finger print scanner and having the phone quickly unlock. Apple has convinced me and many of you that the fingerprint scanners are secure and almost impossible to hack.
Well the honeymoon is over folks. According to a new study published in the journal IEEE Transactions on Information Forensics & Security researchers from Michigan State and NYU have created what they dub a “Master Fingerprint”. This new finger print composite was made by compiling patterns found in real fingerprints and is said to be able to unlock about 65% of phones.
The travesty. Why is this happening?
Lets go with the assumption that no two fingerprints are alike, there may be evidence to suggest this is not true, but please humor me. When a full fingerprint is captured at a crime scene an expert can compare each and every detail against a sample print and determine if its a match. Now take your phone out of your pocket and look at the size of the fingerprint scanner. Its quite small, not even close to the size of your actual finger. Do you remember when you set the scanner up? You probably scanned your fingers from every possible angle multiple times. The phone stores all the partial images together for each finger so you can later unlock your phone no matter which position your finger is in when you press the button.
Here’s where the researchers are exploiting the scanner. One of the authors of the study said “There’s a much greater chance of falsely matching a partial print than a full one, and most devices rely only on partials for identification.”
Your device will probably give you a few chances to get a match before forcing you to type a password so a potential hacker could try multiple master fingerprints before being locked out.
Like most other security measures biometrics are not hack-proof by any means. Researchers have even fooled the new facial recognition lock on the Samsung Galaxy S8 with a simple photo. (I will save that story for another day)
Don’t go disabling your phones fingerprint scanner just yet, all of this research was done in computer simulation and the technology to actually make a physical master fingerprint is still in development. Just remember not to leave your phone on your desk at work, the funny looking gloves Frank wore to work today do more than just keep his hands warm.
Thanks for reading
-Joe