translated from Spanish: An artificial intelligence creates false fingerprints that mislead security

a group of researchers at the University of New York developed an artificial intelligence which replicates the pattern of fingerprints and can be ac transfer to systems with biometric protection. According to a report presented at a Conference of computer security developed in Los Angeles, the program, named “DeepMasterPrints” (or “Impressions teachers deep”), got to imitate one of every five fingerprints in a system that should be a rate of error of one thousand. The key to replicate information is to take advantage of two vulnerabilities in the current fingerprint readers. The first is a part of the finger own technology, that only scans to compare with your records; and the second is intrinsic to the human being, since some parts of the track tend to have common patterns that are easier to duplicate.
“Without checking that the biometric comes from a real person, many of these attacks become feasible, said the project leader Philip Bontrager readers normally used in cell phones create a full fingerprint record, but” for verification (for reasons of comfort for the user) use only a fragment of it. So, artificial intelligence only need to recreate one of those fragments to gain access to the system. Based on these concepts, the researchers used a technique of machine learning (programs that evolve on the basis of the amount of input data and generate own algorithms) to create fingerprints that coincided with the greatest possible amount of original.

The footprints (l) real and the artificial (r) | Image: Arvix artificial intelligence not only managed to create prints that can exploit these vulnerabilities but also look real in sight, something that until now impossible. had been how can be used?
The researchers say that a development like this could be used in attacks similar to those known as “dictionary attack”, in which a hacker trying to gain access to a system running a list of common passwords looking forward to with the correct. An attack of this kind may not be effective if you have a specific target, but records on a large scale could find match some of the fingerprints generated. again I put the pin on the phone?
It is not necessary (at least for now). As the project leader Philip Bontrager explained: “a configuration similar to ours can be used for evil purposes, but hardly works unless it is optimized for the phone, something that would take a lot of work”. Bontranger hopes the discoveries of his team generate an evolution in the efforts of companies using biometric data. In this note: Machine Learning Artificial Intelligence

Original source in Spanish