Vulnerabilities in Fingerprint Scanners

Can a Fingertip Really Secure Your Smartphone?


Fingerprint readers have become common in smartphones. During the past half-decade, fingerprint sensors have been incorporated into a rising number of top-end devices as an added convenience, but are increasingly a standard feature in many cases. One swipe of the finger unlocks a phone, giving access to apps and services. But this handy feature may be leaving security holes that can be exploited for nefarious purposes.

Last week, researchers at New York University and Michigan State University published findings that suggest smartphones can easily be fooled by fake fingerprints digitally composed of many common features found in human prints. In computer simulations, researchers were able to develop a set of artificial "master prints" that could match real prints similar to those used by smartphones.

Although no two individual fingerprints are identical and full prints are difficult to counterfeit, fingerprint scanners on smartphones are so small that they actually only read partial fingerprints. When a user sets up fingerprint security on a phone, the device typically takes eight to 10 images of a finger to make it easier to make a match. Many users record more than one finger — usually the thumb and forefinger of each hand. A finger swipe has to match only one stored image to unlock the phone, and the system is vulnerable to false matches.

The researchers didn't test their results in a wider real-world study. Nonetheless, the team's conclusion that the use of partial fingerprints for verification can be spoofed so easily is worrisome. Phone makers have acknowledged that fingerprint sensors aren't perfect, but these findings raise questions about the effectiveness of fingerprint security on smartphones.

Current smartphones don't support military-grade biometrics. These fingerprint readers aren't bulletproof, despite being increasingly used for financial transactions, which require a high level of security. Device makers will increasingly explore multifactor authentication to approach foolproof methods of verification, and we have already seen other technologies such as iris recognition being implemented. The novelty stage of biometrics in mobile devices has passed and suppliers of biometric sensors will need to continue exploring more-advanced security. This includes larger or higher-resolution fingerprint sensors to reduce the risk of biometric hacking, and, even better, combining more than one security measure to protect users further.

This entry was posted on April 18th, 2017 and is filed under Devices. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Posted By Raghu Gopal On April 18th, 2017


Comments
(There are no comments yet)
Leave a Comment

Hot News

Team Tweets

CCS Insight
Nokia 8 from @HMDGlobal packs some clever features into a nice design. But will they be enough?… https://t.co/D9yqF6bNUT
Follow CCS Insight
Shaun Collins
No login req'd! @CCSInsight analysis of the launch of the @nokiamobile 8. Nokia now back in the high tier.… https://t.co/fljj61y1wT
Follow Shaun
Ben Wood
Fancy being part of a documentary where you swap homes, budgets and lifestyles? Here is your chance... https://t.co/4YNl6XSPVt
Follow Ben
Martin Garner
@Qualcomm acquires AI startup @ScyferNL - will boost its cred in AI. https://t.co/i66rE18uGY. Positioning itself fo… https://t.co/NUbgS8nhOk
Follow Martin
Geoff Blaber
Amazon doubling down on developer momentum with Alexa Voice Service Device SDK. Google has much catching up to do https://t.co/4zXq4G6v5V
Follow Geoff
Marina Koytcheva
@nationalrailenq You think you are excused for the inconvenience? Is the signaling system ever going to get fixed??? https://t.co/wRlCbQZPuN
Follow Marina
Nicholas McQuire
Top move> #Box to integrate #GoogleCloud Vision image recognition API for image-based workflows #MachineLearning #AI https://t.co/tcDYRKfC3F
Follow Nicholas
Paolo Pescatore
Check out these cracking mobile plans from Plusnet. Must be among the lowest in the UK https://t.co/3fwlzaJzeu
Follow Paolo
Kester Mann
RT @shauncollins: Nokia launches the 8. It's flagship device with @ZEISSLenses, Dual Sight and Ozo Audio. Lovely device but will need posit…
Follow Kester
George Jijiashvili
RT @richardlai: This is pretty crazy: @Insta360's next camera may shoot orbiting video while stationary https://t.co/POgGXBp0yH https://t.c…
Follow George
Katie Taylor
RT @Medgadget: Data Mined Insurance Records Point to Interesting Disease Relationships | https://t.co/FP3BHTRAnS
Follow Katie
Tony Worthington
Evolution: Microtel, Mercury One-2-One, Orange, TMobile, EE, BT. Have I missed anything out?
Follow Tony

Recent Blog Posts

Blog Post
Nokia 8 Enters the High-End Fray New Nokia-Branded Smartphone Marks Milestone for HMD Global ... Read more
Blog Post
Zap&Go Your Device New Method Enables Battery Charging in Seconds It feels i... Read more
Blog Post
Banking on a New Direction The Rise of the Mobile Financial Services Provider If you... Read more
More blog

Latest Company News

Blog Post
Halcyon Days Ahead for Indian Telecom Market CCS Insight Predicts Consolidation in India to Just Four Mob... Read more
More news