Nasir Memon, Aditi Roy and Arun Ross released a study in April to expose the vulnerability of the fingerprint-based security system.
Three Indian American researchers have revealed that the latest fingerprint based security system is not as foolproof as expected. In their study MasterPrint: Exploring the Vulnerability of Partial Fingerprint-based Authentication Systems, which appeared in IEEE Transactions on Information Forensics & Security, the trio explained that electronic gadgets and fingerprint-enabled devices are vulnerable.
“As more and more financial transactions – for example, mobile banking and credit card payment – are conducted on fingerprint-enabled devices such as smartphone, issues related to identity theft and malicious access can lead to unprecedented financial damages,” Aditi Roy told Rediff.com.
A New York University Tandon School of Engineering’s postdoctoral fellow and the lead author of the paper, Roy said, “Vulnerabilities of fingerprint-based authentication systems can undermine the public’s faith in using biometric solutions. So, we wanted to perform a detailed security analysis of such systems that employ small sensors.”
The researchers started their work by analyzing 8,200 partial fingerprints. The initial findings revealed that on an average of 92 potential MasterPrints can be found for every randomly sampled batch of 800 partial prints. They explained MasterPrint as the print that matches at least four percent of the randomly selected sample for fingerprints. Thereafter, they created a synthetic partial MasterPrints.
Roy said, “Our experiments showed that synthetic partial prints have an even wider matching potential, making them more likely to fool biometric security systems than real partial fingerprints.”
The researchers, however, are yet to conduct tests with real phones. “I agree that in real-life the accuracy may decrease,” Roy admits. “But if we can attack even 10 percent of the users in the five attempts allowed by most mobile phones, that will represent a real threat to the users.”
Roy suggests that the concerned industries should make their system more robust to plug all loopholes.