These AI-generated fake fingerprints can fool smartphone security

Attackers no longer need your actual fingerprint to unlock your phone.

Researchers have refined a technique to generate fake fingerprints that match multiple people, potentially undermining fingerprint-based access-control systems.

The technique opens up the possibility of fingerprint-based 'dictionary attacks', or the biometric equivalent of throwing a large set of possible passwords at a login page on the chance that one of them is correct.

The researchers from New York University detail in a new paper how they used a neural network to create 'DeepMasterPrints', or realistic synthetic fingerprints that have the same ridges visible when rolling an ink-covered fingertip on paper.

The attack is designed to exploit systems that match only a portion of the fingerprint, like the readers used to control access to many smartphones.

The aim is to generate fingerprint-like images that match multiple identities to spoof one identity in a single attempt.

DeepMasterPrints are an improvement on the MasterPrints the researchers developed last year, which relied on modifying details from already captured fingerprint images used by a fingerprint scanner for matching purposes.

SEE: How to implement AI and machine learning (ZDNet special report) | Download the report as a PDF (TechRepublic)

The previous method was able to mimic the images stored in the file, but couldn't create a realistic fingerprint image from scratch.

The researchers tested DeepMasterPrints against the NIST's ink-captured fingerprint dataset and another dataset captured from sensors.

"This work directly shows how to execute this exploit and is able to spoof 23 percent of the subjects in the dataset at a 0.1 percent false match rate. At a one percent false match rate, the generated DeepMasterPrints can spoof 77 percent of the subjects in the dataset," the researchers write.

newyorkdeepmasterprints.jpg

The researchers used a neural network to create 'DeepMasterPrints', or realistic synthetic fingerprints.

Image: New York University

Previous and related coverage

OnePlus 6T will have a fingerprint sensor in the screen

OnePlus 6T could be the first phone available in the US with an in-screen fingerprint reader.

Samsung adds fingerprint sensor to 8-inch foundry

Samsung Electronics' contract chip-making business now offers six 8-inch wafer solutions, including a RF/IoT and fingerprint sensor, for its customers.

Future of phones? Vivo's Apex has pop-up camera, big in-screen fingerprint reader

Vivo has showed off some of its answers to the quest for no-bezel smartphones.

In fingerprints and banks we trust: IBM reports on the future of authentication

An IBM study of The Future of Identity has found that whether people use passwords or biometrics is influenced by how old they are, where they live, and the value of the service involved. Choices are not purely technical...

Smartphone fingerprint sensor checks body temperature to boost biometric security TechRepublic

New fingerprint sensor detects both tactile pressure and skin temperature to unlock smartphone, according to Nature Communications.

OnePlus 6T's in-screen fingerprint reader looks to the future CNET

The OnePlus 6T is the first widely available phone in the US to have a fingerprint-on-display. But to do so, it abandons the headphone jack.