Vulnerability In Mobile Phone Fingerprint Sensor

Researchers Discovered Worrying Vulnerability In Fingerprint Sensor

So, you think your mobile phone's fingerprint sensor is secure? Well, think again. In joint research by NYU Tandon School of Engineering and Michigan State University, researchers discovered that there are similarities in partial fingerprints which may be enough to trick the biometric security systems on smartphones into unlocking the devices. You may think this is an irrational fear, but not once you know that most mobile phones today use partial fingerprints, not full fingerprints, to identify authorized users. So, yikes, the fear is certainly real.

Whether it is entirely true that no two people have identical fingerprints is not even relevant here. What we are talking about is that the potential to spoof a device is very real, because partial similarities between prints are common enough, and that alone is a worrying revelation.

Here’s the gist:

“The vulnerability lies in the fact that fingerprint-based authentication systems feature small sensors that do not capture a user’s full fingerprint. Instead, they scan and store partial fingerprints, and many phones allow users to enrol several different fingers in their authentication system. Identity is confirmed when a user’s fingerprint matches any one of the saved partial prints. The researchers hypothesized that there could be enough similarities among different people’s partial prints that one could create a ‘MasterPrint’.”
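To see why "matches any one of the saved partial prints" matters, here is an added example (not from the researchers or any phone vendor) that models how a per-comparison false match rate grows with the number of stored partial prints and allowed attempts. The rates, template counts and function names are constructed assumptions, and comparisons are treated as independent, which is optimistic given that some partial prints match many others.

```python
import math

def _check(fmr, templates, attempts):
    if not 0.0 <= fmr < 1.0:
        raise ValueError("fmr must be in [0, 1)")
    if templates < 1 or attempts < 1:
        raise ValueError("templates and attempts must be >= 1")

def device_false_accept(fmr, templates, attempts=1):
    """Chance that an impostor is accepted at least once.

    fmr       per-comparison false match rate (assumed, not from the page)
    templates stored partial prints; a match against ANY one unlocks
    attempts  presentations allowed before lockout
    """
    _check(fmr, templates, attempts)
    n = templates * attempts
    # 1 - (1 - fmr)**n, computed stably for very small fmr
    return -math.expm1(n * math.log1p(-fmr))

def required_fmr(target, templates, attempts=1):
    """Per-comparison rate the matcher must reach so the device-level
    false accept rate is exactly `target`."""
    _check(target, templates, attempts)
    return -math.expm1(math.log1p(-target) / (templates * attempts))

def max_attempts(fmr, templates, target):
    """Largest attempt limit that keeps the device-level rate <= target.
    Returns 0 when even a single attempt exceeds the target."""
    _check(fmr, templates, 1)
    if fmr == 0.0:
        raise ValueError("fmr of 0 places no limit on attempts")
    per_attempt = templates * math.log1p(-fmr)
    return math.floor(math.log1p(-target) / per_attempt)

if __name__ == "__main__":
    FMR = 1e-4  # constructed: 1 false match in 10,000 comparisons
    # constructed enrolment policies: (label, stored partial prints)
    for label, stored in [("1 finger, 1 partial", 1),
                          ("1 finger, 10 partials", 10),
                          ("5 fingers, 10 partials each", 50)]:
        rate = device_false_accept(FMR, stored, attempts=5)
        print(f"{label:30s} 5 attempts -> {rate:.4%}")
    print("attempt limit for 1% target, 50 partials:",
          max_attempts(FMR, 50, 0.01))
    print("matcher FMR needed for 0.01% target, 50 partials x 5 attempts:",
          f"{required_fmr(1e-4, 50, 5):.2e}")
```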

And what’s more disconcerting is that this is not mere paper-talk; actual experiments have been carried out. A total of 8,200 partial fingerprints were put through commercial fingerprint verification software, and what they found was rather startling: an average of 92 potential MasterPrints for every randomly sampled batch of 800 partial prints. 4 percent may be considered low risk, but a risk is still a risk, regardless.

Add to that the fact that most devices rely on partial prints for identification, and someone who devoted enough effort to it could turn out a MasterPrint if they really wanted to. It is worth noting, though, that only one full-fingerprint MasterPrint was found in a sample of 800 full prints. But of course, while the weakness is there, it would take a lot for a potential hacker to get to the stage where they could fool your device’s biometric security system.

However, like I said, a risk is still a risk, and who knows whether a more competent hacking method could be found to exploit partial print recognition? You can read the full exploration of the vulnerability of partial fingerprints HERE.

Image: NYU Tandon.