Fingerprint and circuit board, illustration. KTSDESIGN | Science Photo Library | Getty Images

Artificial fingerprints have been developed by researchers who say they could one day be used to hack into everyday devices. Researchers from New York University and Michigan State University successfully generated what they call "DeepMasterPrints" earlier this year. These are machine-learning methods that act as a kind of "masterkey" which, the researchers claim, have the potential to unlock around one in three fingerprint-protected smartphones. In the paper released in October, the authors said synthetic fingerprints could be "used by an adversary to launch an attack … that can compromise the security of a fingerprint-based recognition system." Philip Bontrager, Aditi Roy, Julian Togelius, Nasir Memon and Arun Ross, the researchers behind the study, said the way fingerprints were recognized on smartphones and other devices was often problematic. "Phones and many more devices don't capture your entire fingerprint," they told CNBC over the phone. "There's not enough space on the device, so they capture a partial fingerprint — which is not as secure as the full image. (People assume) the device stitches images of their fingerprint together, but that's not really what happens — it keeps sets of partial fingerprints."

For each finger stored in place of a password, the device keeps multiple images. If someone then uses their finger to unlock that device, they only need to match one of the partial fingerprint images on its security system. "If you store images for three of your fingers the device may keep around 30 partial fingerprints," the researchers said. "With MasterPrints you just have to create a few — five or ten and I'm in business." They added that this could unlock a "reasonably large" number of phones — just under a third. "If every fifth phone works it would be a profitable scam," they said.

Defenses increasing

While the researchers told CNBC that their findings could be a potential threat to security systems, there were things software developers could do to make such an attack harder to pull off. "Research in assessing vulnerabilities in a fingerprint recognition system is a constant arms race between fixing vulnerabilities and discovering new ones," the paper said. "It is important for researchers to probe for new vulnerabilities so that loopholes can be fixed." Many developers were already making fingerprint scanners more secure by moving sensors from devices' buttons to screens, allowing them to pick up higher resolution images. "Some smartphones have the sensors on the side buttons, which are very thin — they're convenient but less secure," the researchers told CNBC. "Their sensors only register a quarter or so of the fingerprint's features."

What's at stake?