Although , no two people are believed to have identical fingerprints, researchers at the New York University Tandon School of Engineering and Michigan State University College of Engineering have found that partial similarities between prints are common enough that the fingerprint-based security systems used in mobile phones and other electronic devices can be more vulnerable than previously thought. The vulnerability lies in the fact that fingerprint-based authentication systems feature small sensors that do not capture a user’s full fingerprint. Instead, they scan and store partial fingerprints, and many phones allow users to enroll several different fingers in their authentication system. Identity is confirmed when a user’s fingerprint matches any one of the saved partial prints. The researchers hypothesized that there could be enough similarities among different people’s partial prints that one could create a “MasterPrint.”
Team leader Nasir Memon explained that the MasterPrint concept bears is akin to a hacker who attempts to crack a PIN-based system using a commonly adopted password such as 1234.
“About 4 percent of the time, the password 1234 will be correct, which is a relatively high probability when you’re just guessing,” said Memon. The research team set out to see if they could find a MasterPrint that could reveal a similar level of vulnerability. They found that certain attributes in human fingerprint patterns were common enough to raise security concerns.
Researchers say “As fingerprint sensors become smaller in size, it is imperative for the resolution of the sensors to be significantly improved in order for them to capture additional fingerprint features,” Ross said. “If resolution is not improved, the distinctiveness of a user’s fingerprint will be inevitably compromised. The empirical analysis conducted in this research clearly substantiates this.”