It’s supposed to take security to a whole new level: using fingerprints and handprints to access buildings and smartphones. But what happens when someone can use your fingerprint without you even realizing it?
It was once a high-tech concept only dreamed up in the movies, but using fingerprints to access your secure information is something millions of us do every day.
It’s called biometrics, which means you’re using a unique biological characteristic as a security measure.
For most people that means using your thumbprint to unlock your smart phone, but it could also mean using a handprint to get into a secure area in a building.
“A lot of these ideas come from ‘James Bond’ movies. It’s becoming a reality now,” said Michigan State University Professor Anil Jain. Jain says his team of researchers has figured out how to crack the code by replicating fingerprints.
The team in the Computer Science Department started their research hoping to find a way to calibrate fingerprint scanners.
“The byproduct of this research is we can spoof! I can steal your finger print,” said Prof. Jain.
Here’s how they did it: using real fingerprints and a 3D printer, the researchers then create a mold that looks like a human hand.
In their lab, they’ve been testing four different fingerprint readers from four different major companies that make the secure systems. They ultimately want to put the 3D “spoofed” hand on a robot.
“The robot can put it on the finger print reader with different pressure, distortion, so we can study how well the finger print readers are capturing images,” said Jain.
Now that they’ve exposed the flaw in the system, Professor Jain says it’s up to the technology companies to close the loopholes.
“The burden is on them – they’re selling the finger print reader embedded in the mobile phone, right? The burden is on them to tell whether the finger which is being placed on the finger print reader is real human skin,” said Jain.
“There’s obviously cause for concern, and now there will have to be a new technique developed to overcome this,” said Bill Kowalski, former FBI Agent, and current Director of Operations for Rehmann Corporate Investigative Services. Kowalski says more and more companies are using biometrics, which means they have to be on the lookout for security failures like these.
“There’ll be some attempts to defeat it. And they’ll be a new generation of higher security. So you have to keep improving and keep monitoring,” said Kowalski.
This fingerprint work at MSU is being funded by a grant from the US Department of Commerce.