Biometric features like fingerprint sensors and iris scanners have made it easier to securely unlock phones, but they may never be as secure as a good old-fashioned password. Researchers have repeatedly worked out methods to impersonate registered users of biometric devices, but now a team from New York University and the University of Michigan has gone further. The team managed to create so-called “DeepMasterPrints” that can fool a sensor without a sample of the real user’s fingerprints.
Past attempts to bypass biometric systems usually involve getting access to a registered individual’s data — that could be a copy of their fingerprint or a 3D scan of their face. DeepMasterPrints involves generating an entirely new fingerprint from a mountain of data that’s close enough to fool the sensor. Like so many research projects these days, the team used neural networks to do the heavy lifting.
The process started with feeding fingerprints from 6,000 people into a neural network in order to train it on what a human fingerprint looks like. A neural network is composed of a series of nodes that process data. It feeds forward into additional “layers” of nodes if the output meets a certain threshold. Thus, you can train the network to get the desired output. In this case, the researchers used a “generative adversarial network” to tune the system’s ability to generate believable fingerprints. The network used its understanding of prints to make one from scratch, and then a second network would determine if they were real or fake. If the fingerprints didn’t pass muster, the network could be re-tuned to try again.