Tuesday, 13 June 2017

WHY AND HOW YOUR PHONE'S FINGERPRINT SECURITY CAN BE HACKED

                     
The bad news is, fingerprints can still be stolen — and unlike a passcode, you can’t change your fingerprint, so a single credential theft creates a lifetime vulnerability. What looks like a security upgrade turns out to be something much more complex.

The vulnerability lies in the fact that fingerprint-based authentication systems feature small sensors that do not capture a user's full fingerprint. Instead, they scan and store partial fingerprints, and many phones allow users to enroll several different fingers in their authentication system.

Identity is confirmed when a user's fingerprint matches any one of the saved partial prints. There could be enough similarities among different people's partial prints that one could create a "MasterPrint."

New findings published Monday by researchers at New York University and Michigan State University suggest that smartphones can easily be fooled by fake fingerprints digitally composed of many common features found in human prints. In computer simulations, the researchers were able to develop a set of artificial “MasterPrints” that could match real prints similar to those used by phones as much as 65 percent of the time.

The researchers did not test their approach with real phones, and other security experts said the match rate would be significantly lower in real-life conditions. Still, the findings raise troubling questions about the effectiveness of fingerprint security on smartphones.

Full human fingerprints are difficult to falsify, but the finger scanners on phones are so small that they read only partial fingerprints.


When a user sets up fingerprint security on an Apple iPhone or a phone that runs Google’s Android software, the phone typically takes eight to 10 images of a finger so that a match is easier to make. And many users record more than one finger — say, the thumb and forefinger of each hand.

While Google declined to comment, Apple spokesman Ryan James has said that the chance of a false match in the iPhone’s fingerprint system is 1 in 50,000. “Apple had tested various attacks when developing its Touch ID system, and also incorporated other security features to prevent false matches,” he added.
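The "match any one of the saved partial prints" rule described above can be sized with a short model. The following Python is an added example, not code from the researchers or from any phone vendor; it assumes every comparison is independent (a simplification, since prints with common features make false matches correlated), and it applies the quoted 1 in 50,000 figure per comparison purely as a sample input.

```python
import math
import random

def system_fmr(per_comparison_fmr, templates, attempts=1):
    """Chance an impostor is accepted when ANY of `templates` stored partial
    prints may match, over `attempts` tries (independent comparisons assumed)."""
    comparisons = templates * attempts
    return 1.0 - (1.0 - per_comparison_fmr) ** comparisons

def max_templates(per_comparison_fmr, target_fmr, attempts=1):
    """Largest number of stored partial prints that keeps the system-level
    false-match rate at or below `target_fmr`."""
    budget = math.log(1.0 - target_fmr) / math.log(1.0 - per_comparison_fmr)
    return int(budget // attempts)

def simulate(per_comparison_fmr, templates, attempts=1, trials=20000, seed=1):
    """Monte Carlo check of system_fmr: each comparison is an independent
    trial that falsely matches with probability per_comparison_fmr."""
    rng = random.Random(seed)
    accepted = 0
    for _ in range(trials):
        if any(rng.random() < per_comparison_fmr
               for _ in range(templates * attempts)):
            accepted += 1
    return accepted / trials

if __name__ == "__main__":
    p = 1 / 50000  # figure quoted in the article, assumed here to be per comparison
    for fingers in (1, 2, 4):
        stored = fingers * 10  # article: eight to 10 images per finger
        # attempts=5 is a constructed value, not taken from the article
        rate = system_fmr(p, stored, attempts=5)
        print(f"{fingers} finger(s), {stored} templates: {rate:.5f}")
    print("templates allowed for a 1 in 10,000 target:",
          max_templates(p, target_fmr=1 / 10000))
```

The system-level rate grows roughly linearly with the number of stored partial prints and allowed attempts, which is why enrolling more fingers widens the window for a false match.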

sources:
https://security.stackexchange.com/questions/144428/how-secure-is-a-fingerprint-sensor-versus-a-standard-password
