Researchers have refined a technique to generate fake fingerprints that match multiple people, potentially undermining fingerprint-based access-control systems.
The technique opens up the possibility of fingerprint-based 'dictionary attacks', or the biometric equivalent of throwing a large set of possible passwords at a login page on the chance that one of them is correct.
The researchers from New York University detail in a new paper how they used a neural network to create 'DeepMasterPrints', or realistic synthetic fingerprints that have the same ridges visible when rolling an ink-covered fingertip on paper.
The attack is designed to exploit systems that match only a portion of the fingerprint, like the readers used to control access to many smartphones.
The aim is to generate fingerprint-like images that match multiple identities to spoof one identity in a single attempt.
DeepMasterPrints are an improvement on the MasterPrints the researchers developed last year, which relied on modifying details from already captured fingerprint images used by a fingerprint scanner for matching purposes.
The previous method was able to mimic the images stored in the file, but couldn't create a realistic fingerprint image from scratch.
The researchers tested DeepMasterPrints against the NIST's ink-captured fingerprint dataset and another dataset captured from sensors.
"This work directly shows how to execute this exploit and is able to spoof 23 percent of the subjects in the dataset at a 0.1 percent false match rate. At a one percent false match rate, the generated DeepMasterPrints can spoof 77 percent of the subjects in the dataset," the researchers write.
Previous and related coverage
OnePlus 6T could be the first phone available in the US with an in-screen fingerprint reader.
Samsung Electronics' contract chip-making business now offers six 8-inch wafer solutions, including a RF/IoT and fingerprint sensor, for its customers.
Vivo has showed off some of its answers to the quest for no-bezel smartphones.
An IBM study of The Future of Identity has found that whether people use passwords or biometrics is influenced by how old they are, where they live, and the value of the service involved. Choices are not purely technical...
New fingerprint sensor detects both tactile pressure and skin temperature to unlock smartphone, according to Nature Communications.
The OnePlus 6T is the first widely available phone in the US to have a fingerprint-on-display. But to do so, it abandons the headphone jack.