Biometrics means of authentication especially fingerprints have for so long been considered highly secure because of their uniqueness. And even though some established research on spoofing fingerprints, the idea has been far from achievable for scammers and other criminals.
If you should go by the economics of the game, the consequences of collecting unique and accurate fingerprints of each likely victim, and then forging them onto a medium of faux fingers are likely to be higher than what could be stolen by these criminals. An exception, however, may be influential personalities but most of us might pragmatically escape the chance of having both our fingerprints and data (or money) stolen.
A threat to this condition is new artificial intelligence (AI) called DeepMastersPrints, which has for long learned how to produce a single ‘master’ fingerprint that can easily trick any fingerprint scanner and thereby unlock it. The clear analogy, which Vice Media’s Motherboard also summons, is that of a master key which can open most, if not all, of the locks.
This artificial intelligence is made up of two GANs (generative adversarial networks). In a GAN, the two neural networks which improve accuracy by working together with one another with one acting as a ‘generator’ which produces a unique dataset, 2D image of a fingerprint in this case and the other works as a ‘discriminator’ and tests the produced results of the first. The result is confirmed and changed slightly by the generator each time the discriminator rejects it. As a result of this, the process is repeated thousands or even millions of times until it comes up with a perfect solution.
Researchers from the University of Michigan and the New York University, together have used a GAN to create a set of master prints. These neural networks were trained using ‘rolled’ fingerprints etched on pieces of paper after being scanned as well as using data from smartphones.
What’s is most concerning is the fact that the fingerprint readers on smartphones capture the impressions only partially, which gives the ‘sneaky AI’ an edge over manageable scanners on phones. The researchers were able to trick systems of three different levels of security with success rates of 76% (for the lowest security), 26% (for medium security) and lastly 1.2% (for highest security).
These levels of security are designed as:
Highest – it will unlock incorrectly using the wrong fingerprint once in ten thousand times
Medium – once in a thousand times
Lowest – once in a hundred times
This means that if 1,000 smartphone users with the most secure fingerprint scanner using the highest security level, 12 users could be duped using the master fingerprint. Imagine what will happen to people using cheaper smartphones.
While this does not bring out an instant response from the industry or permanent banishment of the beloved and prized fingerprint scanner, the researchers may have to look for ways to either make fingerprint scanners more secure or hunt for other mechanisms.
Meanwhile, papers do not call out facial authentication on smartphones as in the case with iPhones; we are not yet sure if Apple’s Face ID can be deceived. So, what do you think about the future of biometrics unlocking? Share your thoughts in the comments section below.