Scientist says he can fool fingerprint ID scanners

A thumbprint may seem simpler and more secure than a pass code or password.

But one of the nation's top computer scientists says he has discovered a security flaw with the kind of fingerprint identification technology often used to lock cellphones.

We traveled to New York University to interview engineering professor Nasir Memon, who says he has found a way to use synthetic fingerprints to trick touch identification systems.

"We found (finger) prints that can match 20, 30, 40 percent of the time," Memon said.

Cellphone readers do not look at all of a fingerprint. They examine small, less-distinct sections of multiple fingers, making it easier for Memon to fool touch ID readers.

His team says a savvy criminal could create a glove with five artificial fingerprints to hack into phones.

"It's not easy for just 'Joe on the street' to do it, but for a powerful adversary, they just have to do it once," Memon said.

He has not yet tried to hack actual cellphones. That's a flaw in his research, according to Brenda Leoung, who watches out for security weaknesses at the Future of Privacy Forum.

"That's not the way most fingerprint technology actually works," she said.

Apple, Google and other technology companies are likely matching hundreds or even thousands of data points on those tiny slivers of fingerprints, making phones more secure, she said.

"We feel like the security of these devices is pretty strong," Leoung said.

Even the team at NYU is not suggesting you disable your thumbprint ID. Memon still uses his touch ID to unlock his phone, but says a PIN is much more secure.

Apple and Google did respond to our requests for comment.
