Just How Secure is Your Smartphone’s Fingerprint Reader?


Smartphone security has become a major concern for many consumers. So much so, that each new model to reach the market seems to boast new and improved security features as a selling point. Tech manufacturers are banking on biometrics as the next big security innovation, and fingerprint scanners are being included on many new smartphones and tablets. But does this new fingerprint scanning technology really deliver the security it promises? It’s important to remember that this technology isn’t really new. It has been available for years, but only now do we see it introduced as a security selling point. So it begs the question, will using a fingerprint scanning app really keep you more secure?

Apple’s Touch ID – An Example in Insecurity

Ever leading the way, Apple was one of the first firms to feature a fingerprint scanner on their smartphones. First introduced in 2013, Apple’s Touch ID promised to deliver improved security for all iPhone users. A detection ring, located on the home button of the iPhone 5S, would allow users to unlock their handsets and verify purchases using a finger or thumb print. The technology was promoted as cutting edge and virtually unbeatable. Consumers and tech reviewers took note, and before long fingerprint scanner would be included on many new Apple products. However, there were naysayers waiting in the wings.

Not long after Apple unveiled their Touch ID scanner, a German hacking team called the Chaos Computer Club set to work to test the new technology. In less than 24 hours, the team managed to crack the scanner by using a false fingerprint captured from a glass surface. The hacking group soon issued a statement, saying “We hope this finally puts to rest the illusions people have about fingerprint biometrics. It is plain stupid to use something that you can’t change and that you leave everywhere every day as a security token.”

The Myth of Fingerprints Persists

Despite the easy hacking of Apple’s Touch ID, the myth of fingerprint security seems to persist. Earlier this year, the Royal bank of Scotland and the National Westminster Bank announced that they would soon be allowing customers to access their accounts using fingerprint recognition technology. RBS and NatWest customers would be able to activate the feature using their current security information, after which they could conduct any transactions using Apple’s Touch ID technology. The banks have said that they hope the introduction of the new technology would help to make mobile banking easier and more convenient for their customers. But again, there were naysayers waiting to weigh in on the subject.

Not long after RBS and NatWest announced the introduction of fingerprint verification for their customers, Ben Schlabs, of SRLabs, issued a statement to the BBC. He pointed out that the technology was “easy to spoof”, and that “the risk are poorly understood”. Schlabs went on to say that using fingerprint verification alone introduced new risks that are not associated with passwords and PINS. Echoing the statements of the Chaos Computer Club, Schlabs told the BBC that “the fact you are carrying the key around with you and leaving copies of it exposed everywhere makes it a very different risk to something that is inside your brain”.

Maintaining Your Security

Fingerprint verification technology may seem exciting and cutting edge, but clearly there are hazards that consumers need to consider. Security analysts suggest that if anyone is tempted to use fingerprint verification technology, they should supplement it with a unique pass code to reinforce data security. While there have yet to be any verified reports of fingerprint scanners being hacked and used in a criminal enterprise, the potential is definitely there and it falls to the consumer to make informed choices about their mobile security.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>