Tech lover,problem solver and anything that makes the world a better place. Find me on: Google plus;Search "Blog Earners"
Pages
▼
Tuesday, 13 June 2017
WHY AND HOW YOUR PHONE'S FINGERPRINT SECURITY CAN BE HACKED
The bad news is, fingerprints can still be stolen — and unlike a passcode, you can’t change your fingerprint, so a single credential theft creates a lifetime vulnerability. What looks like a security upgrade turns out to be something much more complex.The vulnerability lies in the fact that fingerprint-based authentication systems feature small sensors that do not capture a user's full fingerprint. Instead, they scan and store partial fingerprints, and many phones allow users to enroll several different fingers in their authentication system.
Identity is confirmed when a user's fingerprint matches any one of the saved partial prints. The there could be enough similarities among different people's partial prints that one could create a "MasterPrint."New findings published Monday by researchers at New York University and Michigan State University suggest that smartphones can easily be fooled by fake fingerprints digitally composed of many common features found in human prints. In computer simulations, the researchers from the universities were able to develop a set of artificial “MasterPrints” that could match real prints similar to those used by phones as much as 65 percent of the time.
The researchers did not test their approach with real phones, and other security experts said the match rate would be significantly lower in real-life conditions. Still, the findings raise troubling questions about the effectiveness of fingerprint security on smartphones.Full human fingerprints are difficult to falsify, but the finger scanners on phones are so small that they read only partial fingerprints.
When a user sets up fingerprint security on an Apple iPhone or a phone that runs Google’s Android software, the phone typically takes eight to 10 images of a finger to make it easier to make a match. And many users record more than one finger — say, the thumb and forefinger of each hand.While Google declined to comment, Apple spokesman Ryan James has said that the chance of a false match in the iPhone’s fingerprint system is 1 in 50,000. “Apple had tested various attacks when developing its Touch ID system, and also incorporated other security features to prevent false matches,” he added.
sources:
https://security.stackexchange.com/questions/144428/how-secure-is-a-fingerprint-sensor-versus-a-standard-password
No comments:
Post a Comment