Generative adversarial network produces a "universal fingerprint" that will unlock many smartphones

Originally published at: https://boingboing.net/2018/11/15/masterprints.html

3 Likes

Well, looks like smartphone security measures were broken aGAN (sorry, couldn’t help it).

2 Likes

well at least I don’t have to worry about somebody cutting off my finger now.

7 Likes

That’s not only barbaric, it’s also ineffective, your severed digit won’t last very long.

I’ve seen them all, and, man, they’re all the same.

1 Like

So, instead of a skeleton key we now have a skeleton… finger?

6 Likes

I don’t use biometrics to lock my phone.

6 Likes

Maybe this is what it takes to open my iPhone!

Boom!

3 Likes

Yes, biometrics are convenient but terribly insecure. Once defeated it’s not like you can easily change your fingerprints or retina.

2 Likes

Demolition Man taught me early why it’s such a bad idea;

7 Likes

They say these skeleton-key fingerprints can be used for a dictionary attack, which I take to mean that their attack consists of having a bag of computer-generated rubber fingers and trying them one by one (the equivalent of trying each word in a dictionary at a password prompt). For comparison, I believe a 22% success rate would be considered pretty good for a dictionary attack against a single password (plus, the dictionary here is much smaller).

Of course, that number does not represent how easily they can unlock your phone, because your phone won’t just sit there and let them try different fingers all day; after the first few failures it will demand your PIN.

Phone manufacturers have never acted as if fingerprints were hard to spoof. They accept biometric ID only where other evidence suggests the authorised user is likely to be present. For comparison, the Apple Watch can be unlocked by the presence of any human wrist, but only if that wrist has been present the whole time since the user was last authenticated by better means. Fingerprint sensors are just a fractionally more secure version of the same idea.

That said, some other fingerprint systems – notably, fingerprint door locks – are marketed on the idea that a fingerprint is as good as a PIN or even a password, which borders on fraud, and that’s been apparent for decades.

1 Like

More security!

3 Likes

Next up…rectal scans.

2 Likes

Oh, it’s easy, and quick, too. But quite painful. Speaking from unfortunate experience! :dizzy_face:

This topic was automatically closed after 5 days. New replies are no longer allowed.