[Phemist]

The usual approach to spoofing fingerprints is by somehow acquiring a latent fingerprint from a "genuine" user, creating a mold from this latent fingerprint through e.g. [1], and then applying the mold to the fingerprint sensor.

What these authors previously showed is that you can create a "masterprint" on a representation (feature vector) level that "averages" a lot of fingerprints together, creating something that is usually quite close to any individual's fingerprint, and thus is able to fool recognition software quite often.

In practice, this would require an attacker to by-pass the sensor and feature extractor parts of a biometric system, and inject their masterprint feature vectors directly into the biometric comparator (one that compares the current sample, to a template derived from previously enrolled samples). Considering these systems are usually tightly integrated, this is quite a hard attack to do.

What the authors now present is a way to generate "DeepMasterprints". These are actual images that can be used to create molds such as [1], and can be applied to any fingerprint sensor that doesn't have a sufficient Presentation Attack Detection(PAD) mechanism (Hint: supposedly most PADs on smart phones are easy to by-pass, same thing for older fingerprint sensors). For these spoofs attacks, the difficult part was actually getting a high quality print off the genuine user.. but now it turns out this isn't really necessary and you can use a "deepmasterprint" to get a high enough chance of being mistaken for _any_ genuine user.

[1] http://www2.washjeff.edu/users/ahollandminkley/Biometric/ind...