Hacking Fingerprints (Yours, Mine, Theirs)

Neural networks just hacked your fingerprints by Thomas McMullan.

From the post:

Fingerprints are supposed to be unique markers of a person’s identity. Detectives look for fingerprints in crime scenes. Your phone’s fingerprint sensor means only you can unlock the screen. The truth, however, is that fingerprints might not be as secure as you think – at least not in an age of machine learning.

A team of researchers has demonstrated that, with the help of neural networks, a “masterprint” can be used to fool verification systems. A masterprint, like a master key, is a fingerprint that can be open many different doors. In the case of fingerprint identification, it does this by tricking a computer into thinking the print could belong to a number of different people.

“Our method is able to design a MasterPrint that a commercial fingerprint system matches to 22% of all users in a strict security setting, and 75% of all users at a looser security setting,” the researchers ­– Philip Bontrager, Julian Togelius and Nasir Memon – claim in a paper.

The tweet that brought this post to my attention didn’t seem to take this as good news.

But it is, very good news!

Think about it for a moment. Who is most likely to have “strict security settings?”

Your average cubicle dweller/home owner or …, large corporation or government entity?

What is more, if you, as a cubicle dweller are ever accosted for a breach of security, leaking fingerprint protected files, etc., what better defense than known spoofing of fingerprints?

Not that you would be guilty of such an offense but its always nice to have a credible defense in addition to being innocent!

For further details:

DeepMasterPrint: Generating Fingerprints for Presentation Attacks by Philip Bontrager, Julian Togelius, Nasir Memon.

Abstract:

We present two related methods for creating MasterPrints, synthetic fingerprints that a fingerprint verification system identifies as many different people. Both methods start with training a Generative Adversarial Network (GAN) on a set of real fingerprint images. The generator network is then used to search for images that can be recognized as multiple individuals. The first method uses evolutionary optimization in the space of latent variables, and the second uses gradient-based search. Our method is able to design a MasterPrint that a commercial fingerprint system matches to 22% of all users in a strict security setting, and 75% of all users at a looser security setting.

Defeating fingerprints as “conclusive proof” of presence is an important step towards freedom for us all.

Comments are closed.