That Fingerprint Sensor on Your Phone Is Not as Safe as You Think

The New York Times ^ | April 10, 2017 | By VINDU GOEL

[Swordmaker]

. . .New findings published Monday by researchers at New York University and Michigan State University suggest that smartphones can easily be fooled by fake fingerprints digitally composed of many common features found in human prints. In computer simulations, the researchers from the universities were able to develop a set of artificial “MasterPrints” that could match real prints similar to those used by phones as much as 65 percent of the time.

The researchers did not test their approach with real phones, and other security experts said the match rate would be significantly lower in real-life conditions. Still, the findings raise troubling questions about the effectiveness of fingerprint security on smartphones.

[Swordmaker]

"never tested on a real phone. .. " The problem with that is that even using a photo of the real user's finger print WILL NOT WORK with the Apple fingerprint sensor. . . because Apple is not using the fingerprint itself but rather the ridges and valleys of the fat pad underneath the fingerprint! Photos or representations of fingerprints do not work!

[Swordmaker]

Researchers claim that merely machine certain common characteristics found on all fingerprints can unlock fingerprint sensors on smartphones. . . but they didn't bother to test their common feature prints on any real smartphones. Just on their own ideas of how such sensors work. Apple's doesn't even use the fingerprint itself but rather senses the ridges and valleys of the fat pad underneath the skin of the fingerprint. . . and that is why a photo or representation of the actual user's fingerprint does not work, much less a generic 65 point common characteristic print is unlikely to work either. — PING!

Pinging dayglored and ThunderSleeps for their interests. . .

Researchers Claim They Have Found A Way
To Unlock Smartphone Fingerprint Sensors,
But Did Not Bother To Test It On Any Smartphones!
Ping!

The latest Apple/Mac/iOS Pings can be found by searching Keyword "ApplePingList" on FreeRepublic's Search.

If you want on or off the Mac Ping List, Freepmail me

[umgud]

A few days ago, a co-worker lost his brand new MOTO, I found it and could do nothing to get past his fingerprint setup. Even when ringing.

[Vendome]

Worst password ever. They can force that on you in law.

[Tainan]

Just more NYT Fake news / Complete BS posted as "news": Note the "convenient" use of suggest that , In computer simulations,, could match, The researchers did not test their approach with real phones, and other security experts said the match rate would be significantly lower in real-life and more and more "Considerations" that lead an intelligent person to cry BS about the entire article. Sorry - NO GO on this one !

[PA Engineer]

They can force that on you in law.

They can. That is the reason I bypassed it during setup.

[Arthur McGowan]

They should have 1,000 people other than the owner put their fingers on a phone. The number of times the phone unlocks for the wrong person would be a meaningful number.

[Paladin2]

Thank Hussein that these guys are funded....

[Swordmaker]

Worst password ever. They can force that on you in law.

Only in a couple of minor state jurisdictions. It has not been through the courts beyond a trial court level. . . and those two cases haven't even been appealed yet.

[Swordmaker]

They can. That is the reason I bypassed it during setup.

If you think you are going to be arrested, turn your phone off. Then back on. It requires your passcode before the sensor will work again. . . or don't have it on your person, leave it in your car. They have to get a search warrant for your car and by the time they get that it will have cycled and then also require a passcode. In addition, they have to get another search warrant to have you apply your finger to any such devices not found on your person.

[IncPen]

Another thought is that the 6 digit code on an iPhone lends itself to using one’s own birthday... it’s a better strategy to use a sibling or parent’s birthday. At least make big brother work for it.

[dayglored]

Hi Swordmaker, thanks for the ping.

They didn't even test it??? What kind of arrogant, non-scientific fools are these? These "researchers" cheapen the entire field of scientific research! It almost makes me embarrassed to have bothered to get a science degree years ago. They befoul everything they touch. But they get the grants...

> Still, the findings raise troubling questions about the effectiveness of fingerprint security on smartphones.

Sounds a LOT like "It doesn't matter whether the man is guilty or not, IT'S THE SERIOUSNESS OF THE CHARGE!"

What a bunch of BS.

[dayglored]

That said, I have an iPhone5 without fingerprint sensor, and if I get a version with the sensor, I’m not going to use it. I don’t trust such a sensor to always recognize my fingerprint in an emergency, which is the reverse problem. :-)

[Bratch]

The fingerprint sensor isn't meant for your security.

It's a data-mining operation for the NSA.

[mad_as_he$$]

My finger doesn’t work 80% of the time on an iphone six; so I imagine an image will work b80% of the time.

[aMorePerfectUnion]

I stick with the password. Better that way.

[martin_fierro]

The researchers did not test their approach with real phones,

So ... Fake, but Accurate. Pinch Sulzberger's NYT, ladies & germs.

[Swordmaker]

My finger doesn’t work 80% of the time on an iphone six; so I imagine an image will work b80% of the time.

Redo the fingerprint entry setup. Mine works about 98% of the time. On the other hand, the finger has to be living. Are you, by chance, an 80% Zombie? GRIN.

[Swordmaker]

Worst password ever. They can force that on you in law.

Actually it's not. . . Samsung came out with a facial recognition system for their new phones and it turns out that even a so-so photo taken under poor conditions, such as a mug shot, can often unlock it. I'd say that is the worst password ever. LOL!

Did you notice that these scientists are learning their "science" from the global warming crowd? They are not bothering to do their science in the real world. . . which could be easily done. They are only doing it with "statistical models" in computers. . . using statistical models they built using assumptions of facts and accuracy they created and think are true. They don't go out and do any research to base those assumptions any reality as is noted by the statement that the manufacturers who are using fingerprint scans don't let them have any data about how they are doing it. . . LOL! This is STRAWMAN SCIENCE.

[Swordmaker]

They didn't even test it??? What kind of arrogant, non-scientific fools are these? These "researchers" cheapen the entire field of scientific research! It almost makes me embarrassed to have bothered to get a science degree years ago. They befoul everything they touch. But they get the grants...

Globular Bull Warming Scientists. . . see my post just above this.