Tuesday, April 11, 2017

Fingerprint Spoofing

From the Grey Lady comes a report that the fingerprint reader used to unlock smartphones isn't secure.

Couple that with a service like Apple Pay or Android Pay on your phone and you have created a system where access to your smartphone is access to your debit and credit card accounts.

The vulnerability is related the way the devices use partial print matches to unlock.

" Our preliminary results on an optical fingerprint dataset and a capacitive fingerprint dataset indicate that it is indeed possible to locate or generate partial fingerprints that can be used to impersonate a large number of users. In this regard, we expose a potential vulnerability of partial fingerprint-based authentication systems, especially when multiple impressions are enrolled per finger."

No comments: