NYU
From left: Aditi Roy, Nasir Memon and Arun Ross.
The research, funded by the National Science Foundation, was a collaboration between researchers from the New York University Tandon School of Engineering and the Michigan State University College of Engineering.

NEW YORK (Diya TV) — In a recent study titled MasterPrint: Exploring the Vulnerability of Partial Fingerprint-based Authentication Systems, which appeared in IEEE Transactions on Information Forensics & Security last month, a trio of Indian-American researchers led by NYU Tandon School of Engineering professor Nasir Memon revealed that the fingerprint-based security systems used in smartphones and other gadgets are a lot more vulnerable than we imagined.

The study first began when Memon dug into Apple’s identity-authentication software patent, which uses partial fingerprints instead of a full fingerprint.

According to the study, that’s where the system is most vulnerable to penetration: “They scan and store partial fingerprints, and many phones allow users to enroll several different fingers in their authentication system. Identity is confirmed when a user’s fingerprint matches any one of the saved partial prints,” it read. The researchers found that partial prints from different people can share enough similarities that one could create a ‘MasterPrint’ — a single print that matches at least one enrolled partial print on many devices and so could unlock multiple phones.

Aditi Roy, a NYU Tandon postdoctoral fellow and lead author of the paper, told Rediff.com, “As more and more financial transactions — for example, mobile banking and credit card payment — are conducted on fingerprint-enabled devices such as smartphones, issues related to identity theft and malicious access can lead to unprecedented financial damages.

“Vulnerabilities of fingerprint-based authentication systems can undermine the public’s faith in using biometric solutions. So, we wanted to perform a detailed security analysis of such systems that employ small sensors.”

And according to Roy, “the more partial fingerprints a given smartphone stores for each user, the more vulnerable it is.” As Memon explained to The New York Times, “it’s as if you have 30 passwords and the attacker only has to match one.”
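The “30 passwords, attacker only has to match one” effect is just the any-of-n decision rule compounding the false-accept rate of each stored partial print. The following toy model, added here as an illustration and not code from the paper or from any real fingerprint matcher, shows both halves of the argument: a smaller sensor window accepts a random impostor more often (the per-template rate), and storing more partial templates multiplies that rate. Prints are modelled as random bit strings, a “partial print” is one 32-bit window, and the matcher accepts if at most a constructed threshold of bits differ; the bit widths, threshold and trial counts are assumptions chosen for the demonstration.

```python
import math
import random

# Constructed toy parameters (not from the paper): a full print is a 1024-bit
# feature string, a small sensor sees one 32-bit window of it, and the toy
# matcher accepts a window if at most 8 of its bits differ from the template.
FULL_PRINT_BITS = 1024
WINDOW_BITS = 32
MAX_MISMATCHES = 8


def window_far(window_bits=WINDOW_BITS, max_mismatches=MAX_MISMATCHES):
    """Exact per-template false-accept rate of the toy matcher.

    Two unrelated random windows disagree in each bit with probability 1/2,
    so the mismatch count is Binomial(window_bits, 1/2); the FAR is the
    probability that it lands at or below the acceptance threshold.
    """
    accepted = sum(math.comb(window_bits, k) for k in range(max_mismatches + 1))
    return accepted / 2 ** window_bits


def effective_far(per_template_far, n_templates):
    """Any-of-n rule: the impostor is accepted if ANY stored template matches.

    Assuming independent templates, P(at least one match) = 1 - (1 - p)^n.
    This is the '30 passwords, match one' compounding described in the article.
    """
    if not 0.0 <= per_template_far <= 1.0 or n_templates < 1:
        raise ValueError("need 0 <= per_template_far <= 1 and n_templates >= 1")
    return 1.0 - (1.0 - per_template_far) ** n_templates


def random_print(rng, n_bits=FULL_PRINT_BITS):
    """Constructed stand-in for a fingerprint feature vector."""
    return rng.getrandbits(n_bits)


def window(print_bits, slot, window_bits=WINDOW_BITS):
    """Extract the slot-th non-overlapping window of a print as an int."""
    return (print_bits >> (slot * window_bits)) & ((1 << window_bits) - 1)


def enroll(rng, full_print, n_templates):
    """Store n_templates distinct partial windows of the owner's print.

    Disjoint slots keep the templates independent so the simulation tracks
    the closed form; real partial scans overlap, which only makes the
    compounding slightly weaker, not absent.
    """
    n_slots = FULL_PRINT_BITS // WINDOW_BITS
    return [(slot, window(full_print, slot)) for slot in rng.sample(range(n_slots), n_templates)]


def matches(templates, candidate, max_mismatches=MAX_MISMATCHES):
    """Accept if the candidate agrees closely enough with any stored template."""
    return any(
        bin(tmpl ^ window(candidate, slot)).count("1") <= max_mismatches
        for slot, tmpl in templates
    )


def simulate_far(n_templates, trials=5000, seed=7):
    """Monte Carlo false-accept rate: random impostor prints against one
    owner who enrolled n_templates partial prints."""
    rng = random.Random(seed)
    owner = random_print(rng)
    templates = enroll(rng, owner, n_templates)
    accepted = sum(matches(templates, random_print(rng)) for _ in range(trials))
    return accepted / trials


if __name__ == "__main__":
    p = window_far()
    print(f"per-template FAR for a {WINDOW_BITS}-bit window: {p:.4%}")
    print(f"per-template FAR for a 64-bit window (same 25% threshold): {window_far(64, 16):.6%}")
    for n in (1, 5, 10, 30):
        print(f"{n:2d} stored partial prints: closed form {effective_far(p, n):.2%}, "
              f"simulated {simulate_far(n):.2%}")
```

Running it shows the per-template rate for the 32-bit window sitting around a third of a percent while the 64-bit window is orders of magnitude tighter, and the any-of-30 rule lifting that third of a percent to roughly ten percent. The defensive reading is the one the article gives: cap the number of enrolled partial templates, and raise the per-template matching threshold so that the compounded rate, not the single-template rate, stays within the acceptable false-accept budget.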