Biometric fingerprint scanners hacked with AI


BBased on unique and ‘immutable’ physical traits, biometric security measures, such as fingerprinting, iris scanning, and voice recognition, are often considered one of the most secure methods to verify the identification of an individual.

Now, however, it looks like even these security methods are susceptible to being digitally compromised. Researchers at New York University (NYU) have developed a artificial intelligence (AI) tool capable of synthesizing human fingerprints in order to fool biometric security systems.

Fingerprint technology is used in billions of smartphones and other devices around the world. The results are therefore very worrying, especially since the fake fingerprint – nicknamed “DeepMasterPrint” – has managed to deceive touch authentication systems one in five times.

The researchers likened it to “a master key that can unlock all the doors in the building”, adding that it could “theoretically unlock a large number of devices.”

Although the use of AI is new, the concept of universal fingerprinting is the result of previous research by the NYU that attempted to exploit the fact that the majority of fingerprinting devices are designed to read only a partial fragment of a fingerprint, given how unlikely it is. that a user will place their finger down the same way each time.

Instead, and just like you would with an iPhone’s fingerprint system, users should generally save multiple images, meaning that a match for any partial impression is enough to confirm identity.

However, these partial fingerprints are much less likely to be unique, so researchers were able to “stitch” multiple fragments together to create a “MasterPrint” capable of “cheating” fingerprint verification systems.

In the most recent study, the research team trained a machine learning algorithm to generate synthetic fingerprints as MasterPrints that NYU said could be used to launch a “brute force” attack on them. Fingerprint accessible systems where fingerprint images are cached.

“Fingerprint-based authentication is still an effective way to protect a device or system, but at this point most systems don’t check whether a fingerprint or other biometric is from a real person or from a person. a replica, “said Bontrager, a doctoral student. and lead author of the research paper.

This is certainly not the first time that the security of fingerprint scanners has been called into question. In 2013, for example, the hacker collective Chaos Computer Club revealed how to hack the iPhone’s fingerprint scanner with traditional fingerprint cloning techniques.

But when it comes to the method pioneered at NYU, the danger lies in its potential magnitude. He has been compared to a ‘dictionary attack‘against character-based passwords, where an attacker can run a pre-generated list of common passwords against a security system.

The result is that while it is unlikely to target a particular individual, if “DeepMasterPrint” technology were used maliciously, it could potentially be used on a large scale.


Comments are closed.