Although Apple claims its fingerprint scanner is 5 times more secure than a typical 4-digit passcode, security researchers claim they have developed a set of fake MasterPrints that demonstrate criminal intruders could access 65 percent of fingerprint scanners.
In a joint study by New York University and Michigan State published in IEEE (Institute of Electrical and Electronics Engineers) Transactions on Information Forensics & Security, researchers claim to be able to hack fingerprint scanners almost two-thirds of the time.
Although human fingerprints are highly differentiated, the researchers discovered that enough pattern similarities existed, they could create a handful of master fingerprints that could fool most biometric readers.
Mobile devices originally used numerical passcodes for login security, because there is only a 1 in 10,000 odds of guessing a 4-digit passcode and a 1 in 1,000,000 odds of guessing a 6-digit passcode. But simple transmission of numerical passcodes to an authenticating machine or a person have become increasingly vulnerable to electronic scanner data packet interception.
To increase security, Apple led the move to biometric sensors with the acquisition of AuthenTec fingerprint identification software for $356 million in 2012. Claiming that the probability of its home button fingerprint scanner matching finding a match in two fingerprints is 1 in 50,000, Apple standardized Touch ID scanning access beginning with the iPhone 5S on September 10, 2013. A month later, Apple introduced the Touch ID fingerprint scanning for its 5th generation iPad.
According to the Web Cusp blog, almost all high-end mobile devices from Samsung, Google, LG, Xiaomi, Sony, Motorola and many more also started offering fingerprint scanners in 2014. Apple Pay, iTunes Store, App Store and Android Pay also implemented fingerprint authentication in 2015. The Proctor Cars blog reported that auto manufacturers were expected to soon offer biometric fingerprint access as a standard vehicle feature.
The NYU and Michigan State researchers’ reported that their claims of being able to access 65 percent of fingerprint enabled devices is based on computer simulations, not testing on actual devices. But researchers warned that with the technology available to unauthorized intruders to create fake fingerprints rapidly advancing, the percentage access rate availability for criminal intruders will move higher.
Samsung received huge kudos on March 29 when they introduced iris scanning and facial recognition access with the release of their Galaxy S8 and S8+ smartphones. But 2 days later, iDeviceHelp demonstrated on YouTube that facial recognition could be accessed with a picture.
Both Apple Touch ID and Samsung are expected to soon introduce software patches to make their biometric sensors much more secure.