Generative adversarial network produces a "universal fingerprint" that will unlock many smartphones




Well, looks like smartphone security measures were broken aGAN (sorry, couldn’t help it).


Well, at least I don’t have to worry about somebody cutting off my finger now.


That’s not only barbaric, it’s also ineffective; your severed digit won’t last very long.


I’ve seen them all, and, man, they’re all the same.


So, instead of a skeleton key we now have a skeleton… finger?


I don’t use biometrics to lock my phone.


Maybe this is what it takes to open my iPhone!



Yes, biometrics are convenient but terribly insecure. Once defeated it’s not like you can easily change your fingerprints or retina.


Demolition Man taught me early why it’s such a bad idea;


They say these skeleton-key fingerprints can be used for a dictionary attack, which I take to mean that their attack consists of having a bag of computer-generated rubber fingers and trying them one by one (the equivalent of trying each word in a dictionary at a password prompt). For comparison, I believe a 22% success rate would be considered pretty good for a dictionary attack against a single password (plus, the dictionary here is much smaller).

Of course, that number does not represent how easily they can unlock your phone, because your phone won’t just sit there and let them try different fingers all day; after the first few failures it will demand your PIN.

Phone manufacturers have never acted as if fingerprints were hard to spoof. They accept biometric ID only where other evidence suggests the authorised user is likely to be present. For comparison, the Apple Watch can be unlocked by the presence of any human wrist, but only if that wrist has been present the whole time since the user was last authenticated by better means. Fingerprint sensors are just a fractionally more secure version of the same idea.

That said, some other fingerprint systems – notably, fingerprint door locks – are marketed on the idea that a fingerprint is as good as a PIN or even a password, which borders on fraud, and that’s been apparent for decades.


More security!


Next up…rectal scans.


Oh, it’s easy, and quick, too. But quite painful. Speaking from unfortunate experience! :dizzy_face:

