AI creates fake 'master' fingerprints that are so realistic they could hack into a third of smartphones

Researchers have revealed a radical AI system that can create a 'master key' for fingerprint, raising major questions over the security of phones and other devices that rely on them.

Called 'DeepMasterPrints' researchers - who created the fake prints using a neural network - were able to mimic more than one in five fingerprints using their technique.

The team from New York University and Michigan State University behind the system told CNBC it could unlock a 'reasonably large' number of phones — just under a third.

From unlocking smartphones to authorising payments, fingerprints are widely used to identify people. However, a team of researchers have now managed to accurately copy real fingerprints and created fake ones called 'DeepMasterPrints' (pictured)

  • HOW DOES YOUR PHONE READ A FINGERPRINT?
  • Fingerprint systems do not generally read the entire fingerprint but just record whichever part of it touches the scanner first.
  • This means they're easier to fake than complete prints. 
  • For each finger stored in place of a password, the device keeps multiple images. 
  • If someone then uses their finger to unlock that device, they only need to match one of the partial fingerprint images on its security system.

They warn hackers could see the system as a lucrative way to make money.

'If every fifth phone works it would be a profitable scam,' they said. 

'MasterPrints are real or synthetic fingerprints that can fortuitously match with a large number of fingerprints', researchers, led by Philip Bontrager from New York University, wrote in the paper presented at a security conference in Los Angeles.

'In this work we generate complete image-level MasterPrints known as DeepMasterPrints, whose attack accuracy is found to be much superior than that of previous methods.' 

The method, which is called Latent Variable Evolution, is created by training a Generative Adversarial Network (GAN) on real fingerprint images.

Fingerprint systems do not generally read the entire fingerprint but just record whichever part of it touches the scanner first, writes the Guardian.

This means they're easier to fake than complete prints. 

The GAN created multiple fake fingerprints that matched real ones enough to trick the scanner as well as the human eye.

Researchers found it was able to imitate more than one in five fingerprints when a bionic system should only have an error rate of one in a thousand. 

For each finger stored in place of a password, the device keeps multiple images. 

If someone then uses their finger to unlock that device, they only need to match one of the partial fingerprint images on its security system.

'If you store images for three of your fingers the device may keep around 30 partial fingerprints,' the researchers said. 

'With MasterPrints you just have to create a few -b five or ten and I'm in business.' 

GANs  'teach' an algorithm about a particular subject - in this case fingerprints - by feeding it massive amounts of information.

GANs consists of two neural networks that learn from looking at raw data.

One looks at the raw data (fingerprints) while the other generates fake images based on the data set.   

The GAN created multiple fake fingerprints that matched real ones enough to trick the scanner as well as the human eye.

Researchers found it was able to imitate more than one in five fingerprints when a bionic system should only have an error rate of one in a thousand. 

Researchers - who created the fake prints using a neural network - were able to mimic more than one in five fingerprints (stock image)

'The underlying method is likely to have broad applications in fingerprint security as well as fingerprint synthesis', researchers wrote.

They hope their research will help develop more secure authentication systems in the future.

'Experiments with three different fingerprint matchers and two different datasets show that the method is robust and not dependent on the artefacts of any particular fingerprint matcher or dataset.

'This idea is surprisingly under-explored and could be useful in computational creativity research as well as other security domains', researchers found.

  • WHAT ARE BEHAVIOURAL BIOMETRICS?
  • Physical biometrics, such as fingerprints, facial recognition and retinal scans, are currently more commonly used for security purposes.
  • However, behavioural biometrics - which include things like how you walk - are able to capture unique things about a person's behaviour and movement.
  • They also include things such as voice ID and signature analysis.
  • Researchers from the University of Manchester have developed an AI biometric verification system that measures an individual's gait or walking pattern. 
  • This non-intrusive technique can successfully verify people with 99.3 per cent accuracy after they walk over a pressure pad on the floor - and they don't even need to take their shoes off. 
  • Behavioural biometrics are already used for authentication in financial institutions and businesses.
  • After people provide their biometric data, AI picks out specific data points which it processes using an algorithm. 
REGISTER NOW

By Mark Prigg / US Science and Technology Editor

US Science and Technology Editor @MailOnline, Welsh, Cardiff City fan, primate enthusiast.

Website

Twitter

(Source: dailymail.co.uk; January 1, 2019; https://tinyurl.com/y8rg8msk)
Back to INF

Loading please wait...