On the surface, a fingerprint sensor is everything a smartphone user could ever hope to have. Just one touch of a finger makes it possible to unlock anything and everything of value, from online banking to Amazon Prime. It also doesn’t hurt that you feel like you’re living in a Charlie’s Angels movie as you use such futuristic technology. Best of all, that magical fingerprint sensor means you can finally stop trying (unsuccessfully, if you’re like most of us) to remember dozens of passwords, some with special characters, some with capital letters, and some so random that they’re hopelessly lost somewhere within the recesses of your mind.
Smartphone Fingerprint Security: Foolproof or Tomfoolery?
If you’ve been celebrating your smartphone’s fingerprint sensor as your ultimate liberation from password hell, you may not want to start throwing the confetti just yet. It turns out that this admittedly convenient technological innovation also poses a gaping lapse in security. According to research at New York University and Michigan State University, smartphones can be easily fooled by fake fingerprints. Conniving thieves can actually compose digital fingerprints with many features commonly found in human prints.
You may not want to believe it, but the researchers proved it with their own experiment. They created an artificial set of “MasterPrints” using a computer simulation. Those MasterPrints could match real prints similar to those used by phones up to 65 percent of the time! This problem stems from the fact that the finger scanners on phones are so small that they only read a partial fingerprint. This theoretically would allow hackers and criminals to easily falsify prints since they are not required to match the print of an entire finger.
The Science of Fingerprint Scanners
Think about it this way: If you’ve ever set up fingerprint security on your iPhone or Android, your phone most likely took about 8 to 10 images of your finger. This makes it easier for your phone to match your finger if you apply it to unlock in different positions. You may even have recorded multiple fingers. However, since you- or the thief trying to break into your phone- only need to match one of the multiple images stored as a fingerprint, the system is vulnerable to false matches. It’s no different than if you set up 15 passwords for the same account and an attacker only needed to match one password to gain access.
If you’re feeling disappointed, hope is on the horizon. Smartphone manufacturers and others who use fingerprint security systems are rapidly researching anti-spoofing technologies that would allow users to maintain the convenience of the fingerprint sensor without losing security in the process. Some hope to help the phone detect the presence of a real finger by looking for perspiration or examining patterns in deeper layers of skin. Others want to use ultrasound technology to ensure precision.
Technology never fails to evolve at lightning speed, so by this time next year, who knows, your fingerprint might be the most secure feature on your phone!
