Scientists give biometric security systems the (fake) finger

Spoof digit can crack the two common types of fingerprint scanners

Researchers have fabricated a wearable fake fingertip that is able to fool biometric security systems.

The spoof digit end features a number of properties found in human skin, and is being used to test the two main types of fingerprint reader.

Most readers – such as those used to unlock smartphones and currently being trialled at Canberra International Airport – are either optical or capacitive. Optical readers use light rays to capture an image while capacitive use electrical current to create an image.

"This new spoof has the proper mechanical, optical and electrical properties of a human finger. Compared to current fake fingers that only contain one or two of these properties, our new version could prove much more challenging to detect,” said Anil Jain, a biometric expert at Michigan State University who led the team to make the wearable.

The fake fingers were created using conductive silicone, silicone thinner and pigments, cast in a mould.

"What makes our design unique is that it mimics a real finger by incorporating basic properties of human skin," said Jain.

The researchers will use the dummy digit to test the recognition accuracy between different types of readers, which is often poor. For example, if a capacitive reader was used to capture a fingerprint, but an optical fingerprint reader was later used to authenticate that same fingerprint, it's less likely the print will be accurately identified.

By using the new spoof, companies could develop methods to improve the accuracy, the researchers said.

"Given their unique characteristics, we believe our fake fingers will be valuable to the fingerprint recognition community," said Jain. "Consumers need to know their fingerprints and identity are secure, and vendors and designers need to demonstrate to the consumers the technology is not only accurate but also resilient to spoof attacks. It will help motivate designers to build better fingerprint readers and develop robust spoof-detection algorithms."

Facing facts

A wide range of smartphone models include a fingerprint scanner, the first being the Toshiba G500 in 2007. The technology found a mass market when Apple introduced Touch ID to the iPhone 5S in 2013 (after buying biometric company AuthenTec for nearly $360 million in 2012).

It was quickly discovered that the Touch ID authentication system, and others, could be defeated using a latex copy of someone's fingerprint, according to a German hacking group.

Fingerprint scanners are commonly used at US airports and in home security locks.

“As fingerprints continue to become a key to access society’s confidential data, social benefits, networks, and buildings, the need to know and quantify fingerprint recognition accuracy is paramount,” Jain added.

Apple is now moving towards a different biometric – the users face. The upcoming iPhone X will use Face ID, technology that unlocks your iPhone X by using infrared and visible light scans to uniquely identify a user’s face. The company says it will work in a variety of conditions and is extremely secure. Though no one outside Apple has yet been able to confirm how well it works.

Competitor Samsung featured an iris scanner on its now defunct Galaxy Note 7, which could make it to future Galaxy handsets, it is reported.

One in three Australians has a fingerprint scanner on their smartphone, according to Deloitte’s 2016 Mobile Consumer Survey. Almost 70 per cent regularly use the capability, making an estimated 100 million imprints a day.


Join the newsletter!

Error: Please check your email address.

Tags securityscannerbiometricsfingerprintcyberbiometric

More about AppleAuthenTecDeloitteGalaxynews.com.auSamsungToshiba

Show Comments