The fingerprint or biometric security system on your smartphone is not as secure as you think. Researchers from NYU and Michigan State University have discovered a way to fool biometric security systems into giving them access to smartphones.
According to the researchers, fingerprint-based authentication systems use small sensors that only capture partial fingerprints. The researchers created a MasterPrint, or fake fingerprints, to see if people’s partial prints provided enough similarities to hack into a phone. Through its MasterPrints, the researchers were able to successfully match partial fingerprints up to 65%.
“As fingerprint sensors become smaller in size, it is imperative for the resolution of the sensors to be significantly improved in order for them to capture additional fingerprint features,” Arun Ross, a Michigan State University professor for computer science and engineering, said in a statement. “If resolution is not improved, the distinctiveness of a user’s fingerprint will be inevitably compromised. The empirical analysis conducted in this research clearly substantiates this.”
Microsoft open-sources ReactXP
Microsoft is open-sourcing its library for cross-platform app development. ReactXP builds on React JS and React Native to enable develops to build apps for web and native using a single codebase.
Microsoft created ReactXP to address its Skype needs. Skype runs on multiple operating systems and platforms such as desktop, laptop, mobile phones, tablets, browsers, TVs and cars.
“With React and React Native, your web app can share most its logic with your iOS and Android apps, but the view layer needs to be implemented separately for each platform. We have taken this a step further and developed a thin cross-platform layer we call ReactXP. If you write your app to this abstraction, you can share your view definitions, styles and animations across multiple target platforms,” according to the project’s GitHub page.
Google redesigns FORTIFY
Google is announcing new FORTIFY for Android. FORTIFY is a set of extensions designed to catch incorrect uses of standard functions. The security feature has been available in Android since 2012. Starting with the Android Platform, Android O, Google will start using a new implementation of FORTIFY.
“After migrating from gcc to clang as the default C/C++ compiler early last year, we invested a lot of time and effort to ensure that FORTIFY on clang is of comparable quality,” George Burgess, software engineer at Google wrote in a post.
The new clang FORTIFY includes the addition of pass_object_size to clang, the addition of alloc_size to clang and other improvements such as allowing incompatible pointer conversions in overload resolution for C.
MOSS awards $365,00 to open-source projects
Mozilla wants to celebrate and support open-source projects that contribute to the health of the Internet. Through the Mozilla Open Source Support (MOSS) program, the company has awarded a total of $365,000.
The biggest award of $250,000 was award to SecureDrop, a whistleblower submission system that enable media organizations to securely accept documents and communicate with anonymous sources.
In addition, MOSS has awarded $10,000 to the libjpeg-turbo project, $25,000 to LLVM, $30,000 to the LEAP Encryption Access Project, and $50,000 to the Rust project Tokio.
More information about the program and projects is available here.