Data security is becoming more important by the day. People are developing more and more ways in which they can make data even more secure. But with every new security measure, new problems arise and new ways to bypass those security measures are developed.
The newest trend in the mobile industry is the implementation of fingerprint ID. The idea behind the fingerprint scanner is that it is more secure, but also much faster for accessing your device. The Touch ID on the iPhone is indeed a very fast and reliable option for accessing your phone, and with every new iteration, this technology becomes more reliable and much faster.
Scientists are now trying to find a way to access these devices by using something they are calling a master fingerprint. This master fingerprint works in a similar way to a master key and is supposed to be able to open any lock. These master prints are supposed to emulate a large number of different fingerprints, and it may cycle them until it finds the right combination that is able to hack the device.
The idea is that there is a fingerprint combination equivalent to the most common four-digit security code, something like “1234” or “1122”. The scientist used a digital database and developed a master fingerprint that was able to imitate a random fingerprint 26 to 65 percent of the time. This is a big range indeed, but there is a good reason behind it. The database used in the study was relatively small. So, in theory, with a big enough database, the master fingerprint may be able to unlock any sensor system.
There are additional things that need to be factored into the equation. For starters, the fingerprint sensor on any mobile device is small. Additionally, a person can add multiple fingerprints to a single device. Every device also gives the user multiple chances to unlock the device. All these issues pose serious security threats.
The fact that the sensor is able to store multiple fingerprints, the database of partial fingerprint scans grows in size and so does the ability of a master fingerprint to find the correct combination. This is especially true since the sensor on the phone does not recognize the finger that is placed on it but only the pattern. The system does not even recognize the position in which the finger is placed. So, as soon as the device finds any combination that works, it grants the person access to the device.
A group of scientists led by Nasir Memon, a computer scientist from NYU’s Tandon School of Engineering used a database which contained around 800 prints. From the database the researchers extracted thousands of partial fingerprints which they later matched against one another and came to a surprising conclusion; there were some fingerprints which were perfect matches more than 15 percent of the time.
One of the main issues with this study is that it was computer-based. This means that no physical device was used during testing. So, all the findings so far are purely theoretical.
Another issue with this study is that it used minutia points to create the master fingerprint. The issue with this is in our fingers ironically enough. The human finger consists of ridges and valleys. Some ridges might split, while others might just end. These ridges and valleys are what experts call minutia points. The problem with this is that phone sensors use texture patterns of a fingerprint and not the minutia points.
Still, the study exposed some significant vulnerabilities. The trend in the phone industry is to make smaller sensors. A smaller sensor means that a smaller fingerprint pattern is used, so the chance that a fingerprint of one person is similar to the fingerprint of another person increases.