Computer scientists at New York University and Michigan State University have trained an artificial neural network to create fake digital fingerprints that can bypass locks on cell phones. The fakes are called “DeepMasterPrints”, and they present a significant security flaw for any device relying on this type of biometric data authentication. After exploiting the weaknesses inherent in the ergonomic needs of cellular devices, DeepMasterPrints were able to imitate over 70% of the fingerprints in a testing database.
An artificial neural network is a type of artificial intelligence comprising computer algorithms modeled after the human brain’s ability to recognize patterns. The DeepMasterPrints system was trained to analyze sets of fingerprint images and generate a new image based on the features that occurred most frequently. This “skeleton key” could then be used to exploit the way cell phones authenticate user fingerprints.
In cell phones, the necessarily small size of fingerprint readers creates a weakness in the way they verify a print. In general, phone sensors only capture a partial image of a print when a user is attempting to unlock the device, and that piece is then compared to the phone’s authorized print image database. Since a partial print means there are fewer characteristics to distinguish it than a full print, a DeepMasterPrint needs to match fewer features to imitate a fingerprint. It’s worth noting that the concept of exploiting this flaw is not unique to this particular study; however, generating unique images rather than using actual or synthesized images is a new development.