
Fingerprint security & biometrics: Three major myths busted

08 May 17

Fingerprints have long been viewed as the ultimate identifier, unique only to you and impossible to steal, which is why fingerprint readers have become integral to smartphone and mobile device security.

So, it seems, these gadgets must now be at their most secure. Well, not quite. We debunk three myths in this short feature to bring some clarity to the subject of fingerprint security.

Myth 1: Fingerprint security is more secure than passwords

Contrary to what many people assume, biometric readers are not foolproof. They have their own set of unique vulnerabilities: the technology can be exploited and fingerprints can be stolen (even from photographs).

For example, in America, it is Homeland Security policy to collect fingerprints from non-US citizens between the ages of 14 and 79 as they enter the country. Meanwhile, the FBI keeps a file of an estimated 100 million prints, of which more than 30 million are “civil prints”, i.e. not linked to criminal activity.

These two examples amount to repositories of sensitive information, which will appeal to cybercriminals. If these repositories can be accessed, then, just like credit card details and PINs, it is entirely possible for fingerprints to be stolen and used maliciously.

Myth 2: You can’t copy a fingerprint

In 2013, Apple brought biometrics into the mainstream by announcing the addition of a fingerprint scanner to its iPhone 5s. It promised to keep your phone super protected while providing a Touch ID method of purchasing things from iTunes and the App Store – effectively removing the need for passwords (not totally, mind you).

But within two days of the new handset launching, a German security researcher called Starbug used publicly available software called VeriFinger to recreate the fingerprints of Germany’s Minister of Defence using high-resolution photos – claiming the copy was good enough to trick fingerprint systems for biometric authentication.

More recently, in 2016, biometrics firm Vkansee demonstrated that the “technology can be spoofed” – all you need is clay and some Play-Doh and you can capture enough fingerprint details to dupe a sensor into thinking it’s the real deal. However, the firm did state that the process is rather convoluted and unlikely to result in breaches of this ilk. Nevertheless, it does suggest that fingerprints can be copied.

Myth 3: Fingerprints will replace passwords in the future

Given that fingerprints can be stolen, copied and used to bypass today’s readers, it’s clear we have a long way to go before passwords are made obsolete. And even then, the likelihood is that passwords are going to be around for a long time.

What this highlights is that there is no single solution to security. Many experts advise an approach that embraces multiple measures so that, ultimately, there is more than one layer of protection around whatever it is you seek to protect.

In practice, this means a mix of fingerprints, passwords and additional security in the shape of two-factor authentication may be required, especially in instances where the information or assets – digital or physical – are of a particularly sensitive nature.

Article by WeLiveSecurity.
