Hackers can generate AI fingerprints to hack phones, study shows
Digital fingerprints on smartphones were once seen as a sure shot to ward off would-be hackers, compared to more vulnerable passcodes. Not only are these scanners used to unlock phones, but now major banks offer this as a means to log into checking accounts.
Fortune reports, however, that criminals are now fooling these smartphone fingerprint scanners to access mobile bank accounts of unwitting victims.
According to an award winning paper published by New York University and Michigan State University researchers, hackers are thwarting biometric security systems using deep learning technologies.
The authors found that hackers can use digitally modified or partial images of real fingerprints called MasterPrints to trick scanners that only check certain parts of a fingerprint image instead of the whole fingerprint. Only human inspectors spotted these fakes.
These DeepMasterPrints, as they are called, are made using “generative adversarial networks (GANs),” which have gained notoriety as of late for their ability to create “deep fakes” propagating fake news online.
For this new study, their team used neural networks to create digital fingerprints that looked even more convincing and harder to detect. These DeepMasterPrints, as they are called, are made using “generative adversarial networks (GANs),” which have gained notoriety as of late for their ability to create “deep fakes” propagating fake news online.
Getting away with fake fingerprints is still not a cake walk for hackers. Often fingerprint scanners use heat sensors to detect human fingers, according to Philip Bontrager, a NYU PhD candidate in computer science who also was on this research team.
Fortune notes that the emergence of DeepMasterPrints is nonetheless troubling because it demonstrates how companies relying on biometric technology must be vigilant to keep up with AI innovation.
Julian Togelius, one of the paper’s authors and an NYU associate computer science professor, mentioned to Fortune that following the publication of their research, “large companies” reached out to learn more about these cybersecurity risks.
According to Dr. Justas Kranauskas, a research and development manager for Neurotechnology, the maker of fingerprint sensor software who spoke to Fortune via email, companies can implement more stringent security standards than those in the study.
Finding a middle ground will be crucial, however, because as Bontrager told Fortune, adding too many hurdles can make the experience much less user-friendly.