Consumer Peripherals

Your Smartphone Fingerprint Security System May Not Be as Safe as You Think

12 April 2017

Smartphones that capture multiple partial fingerprints for security are more vulnerable than just one partial fingerprint or a full fingerprint scan. Image credit: NYU TandonSmartphones that capture multiple partial fingerprints for security are more vulnerable than just one partial fingerprint or a full fingerprint scan. Image credit: NYU Tandon

For years, smartphones have been secured using either a passcode or a pattern lock system. That is until biometric fingerprint security came along promising heightened security measures using a user’s fingerprint. With no fingerprints being the same, nothing could be safer, right?

However, a team of researchers from New York University Tandon School of Engineering and Michigan State University College of Engineering have found that partial similarities between prints are common enough to fool biometric security systems used in mobile phones and other electronics devices leading them to be much more vulnerable than previously thought.

At the heart of the vulnerability is the small sensors used to capture the fingerprint authentication systems. These sensors do not capture a user’s full fingerprint but instead scan and store partial fingerprints or some allow for multiple fingers as the authentication system. Identity is confirmed when a user’s fingerprint matches any of these saved partial prints.

Researchers were able to develop a concept for a “MasterPrint” or a print that matches enough similarities among different people’s prints that could be used by hackers to crack a biometric smartphone security system.

The idea is similar to attempts to create a master code for pin based smartphone security systems used by hackers. The team found that a MasterPrint could indeed be created from multiple human fingerprint patterns that were close enough to raise security concerns.

The analysis used took 8,200 partial fingerprints and through commercial fingerprint verification software found an average of 92 potential MasterPrints for every randomly sampled batch of 800 partial prints. However, only one full-fingerprint MasterPrint was found in a sample of 800 full prints.

“Not surprisingly, there’s a much greater chance of falsely matching a partial print than a full one, and most devices rely only on partials for identification,” says Nasir Memon, professor of computer science and engineering at NYU Tandon.

How They Did It

The team culled MasterPrints from real fingerprint images and then built an algorithm for creating synthetic partial MasterPrints. Experimenting with the synthetic partial print the researchers found these had an even wider matching potential, making them more likely to fool biometric security systems than real partial fingerprints.

The team reported successful matching of between 26 percent and 65 percent of users depending on how many partial fingerprint impressions were stored for each user and assuming a maximum number of five attempts per authentication. The more partial fingerprints a smartphone stores, the more vulnerable it is.

The results of the project show that challenges remain in designing trustworthy fingerprint-based authentication systems and work on future designs is needed.

“As fingerprint sensors become smaller in size, it is imperative for the resolution of the sensors to be significantly improved in order for them to capture additional fingerprint features,” says Arun Ross, professor of computer science at Michigan State. “If resolution is not improved, the distinctiveness of a user’s fingerprint will be inevitably compromised. The empirical analysis conducted in this research clearly substantiates this.”

To contact the author of this article, email

Powered by CR4, the Engineering Community

Discussion – 0 comments

By posting a comment you confirm that you have read and accept our Posting Rules and Terms of Use.
Engineering Newsletter Signup
Get the GlobalSpec
Stay up to date on:
Features the top stories, latest news, charts, insights and more on the end-to-end electronics value chain.
Weekly Newsletter
Get news, research, and analysis
on the Electronics industry in your
inbox every week - for FREE
Sign up for our FREE eNewsletter
Find Free Electronics Datasheets