Researchers from two different universities have demonstrated the possibility of creating MasterPrints to unlock phones.

Tech Republic reported that a new research from New York University (NYU) Tandon School of Engineering and Michigan State University College of Engineering has shown that fingerprint scanners used in more sophisticated smartphones and tablets could be less secure than originally thought. The researchers said that since this technology scans and stores partial versions of fingerprints, it makes matching partial prints a lot easier

Like Us on Facebook

"The initial theory was that the researchers could create a "MasterPrint" that could potentially match to many different partial prints, and give them access to a user's device," the researchers said in a press release.

To test the theory, the researchers used the concept of hacker guessing a PIN number as 1234, and the result yielded 4 percent. While it may seem low at face value, it is actually "relatively high probability when you're just guessing," explained NYU professor Nasir Memon.

The study examined around 8,200 partial fingerprints for the potential prints MasterPrints using a commercial fingerprint verification software. It found that there are 92 potential MasterPrints reaching the 4 percent benchmark for every 800 random partial prints.

To further test the theory, digitally simulated MasterPrints were created from real samples, and the results yielded more successful matching between 26 and 65 percent of users, depending on how many partial fingerprint impressions were stored for each user and assuming a maximum number of five attempts per authentication. 

In essence, the researchers concluded that the more partial fingerprints a given smartphone stores for each user, the more vulnerable it is.

Asked to comment on the findings, Apple told the Telegraph that the probability of having a false match on the iPhone's fingerprint system is only 1 in 50,000 with one fingerprint enrolled. Apple spokesman Ryan James also said that they tested various attacks when developing the Touch ID systems. He also noted that the security features were incorporated to prevent false matches.