Hackers are good at what they do—some can even use the way you move your phone to guess a 4-digit PIN in five attempts or less. That's why most of us with compatible hones use the fingerprint scanner. It's just much more secure. Or is it?
Researchers from Michigan State University and New York University have developed what they call "MasterPrints," which, when tested through computer simulations, were able to trick fingerprint scanners 65% of the time.
The New York Times reports that the techniques work because fingerprint scanners only go off partial prints, not off a complete snapshot of the finger. NYU researcher Nasir Memon asserts that partial prints are much easier to crack than whole prints, and in fact, the more fingerprints saved to the phone, the easier it is to gain access. This is because there are more so-called "parts" that could possibly be used to trick the sensor.
Memon warns in the researchers' paper that hackers may someday be able to develop "five-finger gloves" with one "MasterPrint" per finger. These gloves, according to Memon, would be capable of potentially breaking open half of all phones. Luckily, we have some time to prepare, as this research has only been successful through computer simulation, and not real-world application.
Until the research begins on consumer fingerprint scanners, we can't know for sure how vulnerable our fingerprint scanners really are. Apple has claimed that there is a one in 50,000 chance of fooling its Touch ID with one fingerprint saved. Google has not commented on its fingerprint security since this research was released.
If you're worried, maybe you shouldn't be—even Memon himself still uses the fingerprint scanner on his iPhone. While he'd prefer Apple require the password after some period of inactivity, Memon's own research isn't enough to convince him to take other precautions with his security.
Just watch out—there are theories that, since fingerprint data is stored in files, those files can be stolen and used against you. While Memon and the research team are focused on how to fool the system, these hackers wouldn't have to fool anything at all, since they would be using authentic fingerprints.
Maybe you should think twice before setting up that fingerprint scanner—you never know who could be watching.