How do I counterfeit a fingerprint scanner

How unique is my fingerprint?

Secure your smartphone with your fingerprint: This convenient solution is more error-prone than generally assumed. Because only parts of the finger are scanned, the likelihood of a false match is relatively high, as a study has now shown. In the test, simulated partial impressions outsmarted the security function of smartphones in up to 65 percent of the cases.

Most believe that their own fingerprint is unique. Fingerprint scanners are therefore enjoying growing popularity as a means of authentication in tablets and smartphones: Simply place your thumb on the sensor and the device is unlocked - provided the software verifies the scanned print as your own.

But this method is not as safe as it seems, as researchers working with Aditi Roy from New York University have now discovered. The problem: The small scanners in the smartphone only record part of the fingerprint. However, it is not always clear enough for unequivocal identification and therefore anything but “forgery-proof”.

The principle of the MasterPrint

For their study, the researchers analyzed 8,200 partial prints and looked for so-called “MasterPrints”: fingerprints whose partial prints matched as many others as possible that they can fool conventional identification software such as that in smartphones.

A MasterPrint is like an easy-to-guess password, explains Memon: “With a four-digit PIN, for example, the password 1234 is correct in about four percent of the cases. A fairly high hit rate, for that one guesses. ”Based on this example, the researchers then rated a fingerprint as a MasterPrint if it tricked the security software in four percent of the attempts.

better complete prints

As the researchers found, an average of 11.5 percent of the partial impressions had the potential of a MasterPrint. When comparing complete fingerprints, on the other hand, only one of 800 prints met the criteria, which corresponds to a proportion of 0.1 percent.

The results question the security of currently used fingerprint scanners, Memon suggests: "As expected, the probability of a false match for partial prints is much greater than for a full print, and most devices only identify partial prints."

Artificial impression as a universal key?

After analyzing the properties of the MasterPrints found, the researchers developed an algorithm to generate artificial partial MasterPrints. The scientists used them to outsmart 26 to 65 percent of smartphones, depending on how many fingerprints the user had stored in the device for identification. The more impressions were deposited, the more prone it was to false matches.

Even if this part of the experiment was only a simulation, it still shows that the technology is prone to errors. The researchers hope that better sensors with a higher resolution will be installed in the future in order to increase the security of smartphones. (IEEE Transactions on Information Forensics and Security, 2017; doi: 10.1109 / TIFS.2017.2691658)

(YU Tandon School of Engineering, April 18, 2017 - CLU)

April 18, 2017