Leave a comment

Fingerprint sensors: Are they really secure?

Fingerprint sensors: Are they really secure?
photo courtesy of shutterstock

One of the coolest new technologies of the past few years is biometric scanners, notably the fingerprint scanner. Just place your finger or thumb onto your smartphone, and it scans it. If it matches your fingerprint with the image it has stored, it lets you in.

Your fingerprint is like a really secure password, the thinking goes, because everyone has a unique one. After all, how could someone use your fingerprint? If they steal your phone or you misplace it, they're out of luck.

Except, criminals are devious and clever. As it turns out, fingerprint scanners aren't quite as secure as you may think.

In fact, here are several ways that criminals can get past your fingerprint, to access your smartphone and all its contact. (Note: Keep reading for three tips to keep your smartphone safe.)

1. Capacitive scanners may not work if your finger is wet, or if you have a cut, scar, or scratches.

2. Some fingerprint scanners can be fooled by a cast of a fingerprint. "This is a really big hole in security," according to security experts. (Note: Some upcoming 3-D fingerprint scanners will fix this flaw.)

3. Fingerprints can be stolen. "One can do it with a quality photo of a victim's fingers. An SLR camera with a good zooming lens or even a magazine photo printed in high resolution are enough," according to experts.

Some, but not all smartphone makers use a technology called ARM TrustZone, which stores your fingerprint image in a virtual world. It's not stored on your smartphone's operating system, so criminals can't steal it.

4. Not all smartphones are equally secure. While Apple's fingerprint scanner, which is encrypted, is considered to be secure, others aren't. "Many smartphones have poorly protected sensors, which lets malware get the pictures right from the fingerprint scanners."

Worse, you can't change your fingerprint, if an image of it is stolen. With a traditional password, you can change it in minutes. No so for your fingerprint.

5. Mistakes can be made (and have been). In 2015, cybersecurity experts discovered that the Samsung Galaxy S5 and HTC One Max smartphones did not store your fingerprints using encryption. So, criminals could steal them if they had access to your pictures and the Internet.

Those smartphone makers fixed that problem. But, who's to say it won't happen again?

Next page: 3 tips to protect your smartphone
Top Story: Smart home devices may be used by the government to spy on you
Previous Happening Now

Top Story: Smart home devices may be used by the government to spy on you

Apple issues recall of faulty product nearly every MacBook user owns
Next Happening Now

Apple issues recall of faulty product nearly every MacBook user owns

View Comments ()