SAN FRANCISCO — Fingerprint sensors have turned modern smartphones into miracles of convenience. A touch of a finger unlocks the phone — no password required. With services like Apple Pay or Android Pay, a fingerprint can buy a bag of groceries, a new laptop or even a $1 million vintage Aston Martin. And pressing a finger inside a banking app allows a user to pay bills or transfer thousands of dollars.

While such wizardry is convenient, it has also left a gaping security hole.

New findings published Monday by researchers at New York University and Michigan State University suggest that smartphones can easily be fooled by fake fingerprints digitally composed of many common features found in human prints. In computer simulations, the researchers from the universities were able to develop a set of artificial “MasterPrints” that could match real prints similar to those used by phones as much as 65 percent of the time.

The researchers did not test their approach with real phones, and other security experts said the match rate would be significantly lower in real-life conditions. Still, the findings raise troubling questions about the effectiveness of fingerprint security on smartphones.

“It’s almost certainly not as worrisome as presented, but it’s almost certainly pretty darn bad,” said Andy Adler, a professor of systems and computer engineering at Carleton University in Canada, who studies biometric security systems. “If all I want to do is take your phone and use your Apple Pay to buy stuff, if I can get into 1 in 10 phones, that’s not bad odds.”