1

As far as I understand different fingerprint scanners have different security levels. Old fingerprint print scanners could be fooled quite easily as the CCC (Chaos Computer Club) demonstrated.

How much can I trust the Fingerprint sensor in Google's latest phones, Pixel 3/Pixel 3 Xl?

user3382203
  • 11
  • 10
Christian
  • 1,876
  • 1
  • 14
  • 23
  • Related article ["Better Biometrics in Android P"](https://android-developers.googleblog.com/2018/06/better-biometrics-in-android-p.html) suggests that they consider their FAR (SAR/IAR) below 7%, but doesn't lay out details. – gowenfawr Nov 27 '18 at 22:15

2 Answers2

3

For the sake of ergonomy, smartphones are equipped with small fingerprint sensors which means they are able to obtain only partial images of a given fingerprint. The chances of a partial fingerprint being incorrectly matched with another "user" fingerprint is relatively high. (cf: MasterPrint: Exploring the Vulnerability of Partial Fingerprint-Based Authentication Systems)

Recently (18 Oct 2018) researchers introduced the concept of DeepMasterPrints which is basically based on training a neural network on a set of real fingerprint images in order to create a synthetic fingerprint able to fool a fingerprint sensor, this is roughly done this way (cf: this paper):

enter image description here

So to answer your question:

This work directly shows how to execute this exploit and is able to spoof 23% of the subjects in the dataset at a 0.1% false match rate. At a 1% false match rate, the generated DeepMasterPrints can spoof 77% of the subjects in the dataset.

And Google Pixel cannot be an exception.

This said if you're locking your phone to answer a"normal life" need...You do not have to worry :)

Soufiane Tahiri
  • 2,667
  • 12
  • 27
0

Google's minimum requirement for Fingerprint implementation in Pixel or Nexus device is documented here.

According to Mobile ID World Pixel 3 uses FPC1075 sensor developed by Fingerprints which uses capacitive sensor.

With maturity of the technology, the fingerprint sensors are likely the least of your problem if you decide to rely on fingerprint for unlocking. Some of the inherent weaknesses of fingerprint-based authentication are inherent in the concept itself, and will remain no matter how much the sensors improved: you leave fingerprints everywhere you go, including on the device itself. Particularly vulnerable is that mobile phone fingerprint unlocks don't require full print match but just a small slice of the print, to make it easier for user to unlock their device without putting the fingers in awkward positions. The best feature of fingerprint unlocks is really that its convenience and ease of use may make most users more likely to lock the screen and use lower lock screen timeout. However if you really need high security on your mobile device, you probably want to consider password based authentication.

Lie Ryan
  • 31,089
  • 6
  • 68
  • 93
  • @SoufianeTahiri: that as well yes, but you might also notice that you usually need to cover much less than 50% of the sensor size to match. Also, despite the small size, it's in theory possible to take full fingerprint image by taking multiple images. Still the matching is done by partial matches because most people don't want to roll their fingers around to unlock their service as would've been needed to actually do a full matching. – Lie Ryan Nov 27 '18 at 15:05
  • Isn't password based encryption easily attacked with cameras these days for mobile devices that get used in public? – Christian Nov 27 '18 at 16:17
  • There are articles like https://www.pbs.org/newshour/science/ultrasound-sensors-dig-deeper-into-your-fingerprints-and-fat that suggest it might possible to build fingneerprint sensors that need more information the information that's left while leaving fingerprint whereever on goes. – Christian Nov 28 '18 at 09:02