When Masterprint Unlocks Them All

Fingerprints are used everywhere to unlock and authenticate, but researchers are developing master prints to override them.

We put a lot of trust in fingerprints. They are used to identify passengers at airports, access spaces and mark one's attendance, and unlock smartphones and laptops many times a day. However, they are more vulnerable than we think.

A year ago, a study carried out by a group of US-based researchers and published by the IEEE looked at the possibility of generating what was called a MasterPrint, a synthetic or real but partial fingerprint that serendipitously matches one or more of the stored templates. The preliminary results involving an optical and a capacitive fingerprint data set indicated that it was, indeed, possible to locate or generate partial fingerprints that could be used to impersonate a large number of users. The researchers, Aditi Roy, Nasir Memon and Arun Ross, considered it a potential vulnerability of partial fingerprint-based authentication systems, especially when multiple impressions are enrolled per finger.

Nasir Memon, who also coined the term MasterPrint, demonstrated how touch sensors on smartphones capture partial and low-resolution snapshots of our fingerprints and match them with stored images. The research showed there was a 65 per cent chance of successfully unlocking a phone with a synthetic master fingerprint. From several images that a smartphone typically enrols, there is enough data to ensure a partial match and unlock the device. With the speed that is so much at a premium on phones, user tolerance for anything that takes longer would be difficult. The need to keep the fingerprint scanner small is another reason why partial prints are used.

Now, a group of four, including the former three and Philip Bontrager, have created a synthetic fingerprint that can fool smartphone biometrics for at least 20 per cent of the population. Predictably, artificial intelligence has been used, and the result is DeepMasterPrint. Random fingerprints can still unlock a biometric system - it could be one in 1,000 times - but the DeepMasterPrint did it one in five times. Clearly, there is a massive vulnerability in a method that we use so ubiquitously, especially in India, where it is part of the Aadhaar card enrolment.

So, how do these hi-tech fake prints spoof the system? Simply put, skeleton key prints could emulate a variety of partial fingerprints to hypothetically hack into a device just like real-life master keys can be used to open any lock. Moreover, with the AI rapidly refining the match, security must be reconsidered.

Hear These Shades

You wear both your glasses and headphones on your head but probably did not imagine both of them coming together in a combined device. That is what Bose has been working on and the result, a product called Bose Frames, is now close to release.

This one looks like regular dark glasses but sports built-in speakers and microphones. It can be connected to smartphones and, therefore, to voice assistants such as Google Assistant and Siri, which will speak out useful information depending on location, making Frames the first augmented reality headphone-glasses. It also features built-in Bose speakers for an immersive and personal audio experience. Plus, there is a button to control music and power it on or off.

However, the battery used for these glasses only lasts a little over three hours and the device needs a two-hour recharge when drained out. For now, it is being launched in the US and has an official site. In time, the new device will give you a glimpse of the future audio wearables.