Generative adversarial network produces a "universal fingerprint" that will unlock many smartphones

doctorow · November 15, 2018, 6:45pm

Originally published at: https://boingboing.net/2018/11/15/masterprints.html

…

erroneus · November 15, 2018, 8:32pm

Well, looks like smartphone security measures were broken aGAN (sorry, couldn’t help it).

TobinL · November 15, 2018, 8:35pm

well at least I don’t have to worry about somebody cutting off my finger now.

Avyctes · November 15, 2018, 9:09pm

That’s not only barbaric, it’s also ineffective, your severed digit won’t last very long.

Medievalist · November 15, 2018, 9:33pm

I’ve seen them all, and, man, they’re all the same.

Legion · November 15, 2018, 10:53pm

So, instead of a skeleton key we now have a skeleton… finger?

Melz2 · November 15, 2018, 11:08pm

I don’t use biometrics to lock my phone.

TheGreatParis · November 15, 2018, 11:18pm

Maybe this is what it takes to open my iPhone!

Boom!

anon87143080 · November 16, 2018, 1:23am

Yes, biometrics are convenient but terribly insecure. Once defeated it’s not like you can easily change your fingerprints or retina.

Melz2 · November 16, 2018, 1:28am

Demolition Man taught me early why it’s such a bad idea;

bobtato · November 16, 2018, 1:51am

They say these skeleton-key fingerprints can be used for a dictionary attack, which I take to mean that their attack consists of having a bag of computer-generated rubber fingers and trying them one by one (the equivalent of trying each word in a dictionary at a password prompt). For comparison, I believe a 22% success rate would be considered pretty good for a dictionary attack against a single password (plus, the dictionary here is much smaller).

Of course, that number does not represent how easily they can unlock your phone, because your phone won’t just sit there and let them try different fingers all day; after the first few failures it will demand your PIN.

Phone manufacturers have never acted as if fingerprints were hard to spoof. They accept biometric ID only where other evidence suggests the authorised user is likely to be present. For comparison, the Apple Watch can be unlocked by the presence of any human wrist, but only if that wrist has been present the whole time since the user was last authenticated by better means. Fingerprint sensors are just a fractionally more secure version of the same idea.

That said, some other fingerprint systems – notably, fingerprint door locks – are marketed on the idea that a fingerprint is as good as a PIN or even a password, which borders on fraud, and that’s been apparent for decades.

MadLibrarian · November 16, 2018, 2:03am

More security!

douglas_stuart · November 16, 2018, 2:33pm

Next up…rectal scans.

Medievalist · November 16, 2018, 11:12pm

Oh, it’s easy, and quick, too. But quite painful. Speaking from unfortunate experience!

doctorow · November 20, 2018, 6:45pm

This topic was automatically closed after 5 days. New replies are no longer allowed.

Topic		Replies	Views
Hacking a phone's fingerprint sensor in 15 mins with $500 worth of inkjet printer and conductive ink boing	30	3399	March 11, 2016
Masterprints: synthetic fingerprints that unlock up to 65% of phones (in theory) boing	9	1506	April 19, 2017
Rubber fingertips to use with fingerprint-based authentication systems boing	21	2718	July 2, 2016
Chaos Computer Club claims it can unlock iPhones with fake fingers/cloned fingerprints boing	90	8884	September 27, 2013
Why fingerprints make lousy authentication tokens boing	75	8010	September 18, 2013

Generative adversarial network produces a "universal fingerprint" that will unlock many smartphones

Related topics