Fingerprint Sensor On Your Phone Not As Safe As You Think, Says ResearchApril 11, 2017 19:10
Most of us rely on using our fingerprints to unlock our phones, with no password required and pay for shopping. But, smart phone fingerprint scanners may not be as secure as we think, says researchers.
The makers of the smart phone are treating the fingerprint sensor as one of the most vital feature for any smart device to have. This technology has enabled users to save time, from manually entering passwords. And thanks to services like Apple and Android Pay, where fingerprint is all users need these days, to purchase any product. Also, online banking is made much easier too. You just have to swipe your finger and can instantly pay bills or transfer thousands of dollars.
A new research by New York University and Michigan State University, suggests that, smart phones are the easier tools for hackers to manipulate and use it to their benefit. The research says, smart phones can easily be fooled by fake fingerprints digitally composed of many common features found in human prints.
According to the report, the sensors embedded in these devices are generally small and the resulting images are, therefore, limited in size. These devices, to compensate for the limited size, often acquire multiple partial impressions, on a single finger during enrollment. This is to ensure that at least one of them will successfully match with the image obtained from the user during authentication.
Many cases are such wherein the users are allowed to enroll multiple fingers. Since the impressions pertaining to multiple partial fingers are usually associated with the same identity (i.e. one user), a user is said to be successfully authenticated even, if it were another person all together. And moreover, the job of unlocking a device or even transferring money through online banking can be easily done, even if a partial fingerprint is obtained during authentication.
The researchers have developed a series of “MasterPrints” made from the common features of human finger markings which they say can unlock any smart phone. This in turn, makes it easy for the hackers to impersonate a large number of users. In computer simulations, the researchers from the universities were able to develop a set of artificial “MasterPrints” that could match real prints, similar to those used by phones as much as 65% of the time.
A professor of systems and computer engineering at Carleton University in Canada, Andy Adler, said, “It is almost certainly not as worrisome as presented, but it is almost certainly pretty darn bad.” “If all I want to do, is take your phone and use your Apple Pay to buy stuff, if I can get into 1 in 10 phones, that is not bad odds.”
A professor of computer science and engineering at NewYork’s University, Tandon School of Engineering, Nasir Memon said, “It is as if you have 30 passwords and the attacker only has to match one.”
He further went on to indicate that if a hacker creates a “magic glove” with a MasterPrint on each finger, they could get into 40-50% of iPhones within five tries or less.
Apple spokesman Ryan James has said that the chance of a false match in the iPhone’s fingerprint system is 1 in 50,000. “Apple had tested various attacks when developing its Touch ID system, and also incorporated other security features to prevent false matches,” he added. However, Google declined to comment anything.
Dr. Memon said that despite his research he was still using fingerprint security on his iPhone. “Iam not worried,” he said. “I think it is still a very convenient way of unlocking a phone. But I would rather see Apple make me enter the PIN if it is idle for one hour.”