AI can now forge fingerprints that trick biometric identity scanners


Artificial intelligence researchers have used a neural network to create fake fingerprints that could be a hacker’s dream tool.

Five researchers, led by Philip Bontrager of the New York University School of Engineering, developed what they called “DeepMasterPrints”. The Guardian reported that the research was presented to a biometrics conference in Los Angeles in October. As the Guardian points out, their report, published last month, explains how the fake fingerprints they generated could replicate more than one in five real fingerprints in a biometric identification system.

The article suggests that this technique could be used to create replicated fingerprints that could be used in something akin to a “dictionary attack”, but instead of software that executes millions of passwords. popular via a system, a tool inspired by DeepMasterPrints could run multiple fake fingerprints. through a system to see if impressions match accounts.

The key to their research is that many fingerprint scanners only read part of a fingerprint, and some parts of the fingertips have more in common than others.

So when the researchers created new fingerprints by feeding a set of actual fingerprints into a generative contradictory array, they only had to create fingerprints that matched certain portions of other fingerprints, the portions that tend to have things in common.

It is unlikely that someone will use such a technique to break into your phone (as one report suggests). “A similar setup to ours could be used for nefarious purposes, but it probably wouldn’t have the success rate we reported unless it optimizes it for a smartphone system,” Bontrager told Gizmodo. “It would take a lot of work to try to reverse engineer a system like this. “

But if a hacker gained access to a system with many accounts accessible by fingerprint, he would have a good chance of hacking a few.

Bontrager and his team want their research to inspire companies to step up their fingerprint security efforts. “Without verifying that a biometrics is from a real person, a lot of these contradictory attacks become possible,” Bontrager said. “The real hope of a job like this is to push towards the detection of liveliness in biometric sensor.”

[The Guardian]


Comments are closed.