Scientist says he can fool fingerprint ID scanners

NEW YORK — A thumbprint may seem simpler and more secure than a passcode or password.

But one of the nation's top computer scientists says he has discovered a security flaw with the kind of fingerprint identification technology often used to lock cellphones.

We traveled to New York University to interview engineering professor Nasir Memon, who says he has found a way to use synthetic fingerprints to trick touch identification systems.

"We found (finger)prints that can match 20, 30, 40 percent of the time," Memon said.

Cellphone readers are not looking at all of a fingerprint.

They examine small, less-distinct sections of multiple fingers, making it easier for Memon to fool touch ID readers.

RECENT INVESTIGATIONS:

• Does Roundup kill more than just weeds? Lawsuits claim it also causes cancer
• Family unknowingly leases dog only to find out it can be repossessed anytime
• DUIs in Georgia drop nearly 50% ... one reason why might surprise you

His team says a savvy criminal could create a glove with five artificial fingerprints to hack into phones

"It's not easy for just 'Joe on the street' to do it, but for a powerful adversary, they just have to do it once," Memon said.

He has not yet tried to hack actual cellphones.

That's a flaw in his research, according to Brenda Leoung.

She watches out for security weaknesses at the Future of Privacy Forum.

"That's not the way most fingerprint technology actually works," she said.

Apple, Google and other technology companies are likely matching hundreds or even thousands of data points on those tiny slivers of fingerprints, making phones more secure, she said.

"We feel like the security of these devices is pretty strong," Leoung said.

Even the team at NYU is not suggesting that you disable your thumbprint ID.

Memon still uses his touch ID to unlock his phone, but says a PIN is much more secure.

Apple and Google did respond to our requests for comment.

Cox Media Group