AI can create fake fingerprint scans: Why we should be scared
The rapid rate at which technology is advancing is nothing short of stupendous. We've seen advances that have fundamentally changed how human beings interact with technology. While most of it has been for the positive, of late, we've also heard of instances where breakthroughs in technology have proven to be nothing but a headache.
Case in point — the creation of an AI that can create synthetic fingerprints to fool biometric scanners.
Now, we've known for a long time that biometric authentication technology isn't as foolproof as many experts would like us to believe —- and that most fingerprint scanners can be fooled by a lifted print or even a person's digitised fingerprint data. However, researchers at the New York University's Tandon School of Engineering has now created an AI tool which can create fake fingerprint data that can be used by hackers to gain unauthorised access to phones and other devices using fingerprint scanners as a mode of security lock.
Called the DeepMasterPrints, the AI can also be used to access some devices locked using iris-based biometric security.
As per a report published by Wired, DeepMasterPrints builds on previous research on the concept of a "master print" that combines common fingerprint traits. The report adds that during "initial tests last year, NYU researchers explored master prints by manually identifying various features and characteristics that could combine to make a fingerprint that authenticates multiple people."
Using machine learning models, the new research thus creates a vastly improved tool that can easily unlock biometric locks.
As the researchers explain, they created DeepMasterPrints by first feeding the AI with images of real fingerprints, so the system could begin to output a variety of realistic fingerprint scans. The researchers also used a technique called "evolutionary optimisation" to create a working print.
And the result?
DeepMasterPrints replicated 23 percent of fingerprints in a system that supposedly had an error rate of one in a thousand. However, its performance improved even further when pitted against a biometric lock, whose false match rate was one in a hundred. In such cases, the DeepMasterPrints were able to fool the lock 77 percent of the time.
Why DeepMasterPrints is important
Explaining the need for the research and how DeepMasterPrints can help existing biometric security locks, Philip Bontrager, a PhD candidate at NYU, and one of the researchers involved in the project, said: "Even if a biometric system has a very low false acceptance rate for real fingerprints, they now have to be fine-tuned to take into account synthetic fingerprints, too... Most systems haven’t been hardened against an artificial fingerprint attack, so it’s something on the algorithmic side that people designing sensors have to be aware of now."
Fingerprint scanners not as secure as we believe
More than anything, the research exposes the many shortcuts smartphone makers today take while creating the hardware and software for fingerprint scanners on their phones. As it stands, most phones today use extremely small sensors and are tuned for ultra-fast performance.
However, in this bid to improve speed and make the phones look sleek, they cut down on important aspects of security — the smaller sensor means that phones only read part of your finger at any given time, while the bid to improve their speed ensures they require very few variables to unlock. Thus, making them easier to unlock than ever.
A wake-up call
With the majority of important services, and almost all our phones and gadgets, using fingerprint scanners these days, the presence of an exploit that can use synthetic readings to fools such biometric locks is very concerning news.
As the researchers behind the project explain, the idea of DeepMasterPrint is to increase awareness in the industry about the possibility of such hacks and as it stands, the industry should sit up and take note of their words.
And rightly so — after all, in a world where from smartphones to Aadhaar and even mobile banking is all secured through tiny fingerprint scanners, it will be prudent for us to at least make sure these biometric security tools are beyond any attempt by hackers looking to steal our valuable data and money.