Right now one of the common methods at securing a phone involves the use of a Fingerprint sensor. Since no two people have the same fingerprint, it sounds like a pretty foolproof solution, doesn’t it? Unfortunately researchers at New York University and Michigan State University have found that isn’t exactly the case.
Basically what the team has done is generate a set of fake fingerprints that consists of digital composites of common features found in the fingerprints of people. Through the use of computer simulation, they were able to get a match at a rate of 65%, which is pretty alarming, although the researchers think that it might not be quite as successful in real-life.
Speaking to The New York Times, Nasir Memon, a computer science and engineering professor at New York University summed it up by saying, “It’s as if you have 30 passwords and the attacker only has to match one.” He adds that in theory, someone could create a glove with five different composite fingerprints and could potentially be successful with half of their attempts made.
For the record Apple responded to the article with regards to its Touch ID security. The report reads, “Apple said the chance of a false match in the iPhone’s fingerprint system was 1 in 50,000 with one fingerprint enrolled. Ryan James, a company spokesman, said Apple had tested various attacks when developing its Touch ID system, and also incorporated other security features to prevent false matches.”