Fingerprint sensors are a big security risk. Researchers from New York and Michigan State University recently made the bold pronouncement after successfully creating “Master Prints” – digital fingerprint templates – which fooled mobile finger print scanners 65 percent of the time.
“If all I want to do is take your phone and use your Apple Pay to buy stuff, if I can get into 1 in 10 phones, that’s not bad odds”
The digitally manufactured prints were tested in computer simulations and were able to “unlock” countless pass codes. In the real world, this could mean millions of unlocked phones, purchases, and access to sensitive information and supposedly secure transactions.
The “master prints” were created by combining common features of human finger prints, but they didn’t push through with testing on actual mobile devices and live accounts. However, the results of the study already raised red flags on how secure fingerprint sensors are.
“It’s almost certainly not as worrisome as presented, but it’s almost certainly pretty darn bad,” Andy Adler, a professor of systems and computer engineering at Carleton University in Canada, who studies biometric security systems was quoted in a New York Times interview, adding: “If all I want to do is take your phone and use your Apple Pay to buy stuff, if I can get into 1 in 10 phones, that’s not bad odds.”
While it would be difficult to fake a full human fingerprint, scanners on mobile phones and biometric systems only read partial prints. A finger swipe matches any one of the stored images needed to unlock your phone, but this leaves it dangerously vulnerable to false matches.
This development leaves phone companies with plenty of room to improve by implementing newer biometric security options. Samsung’s latest Galaxy S8 phone will feature an iris scanner, and there are talks of incorporating newer and larger fingerprint sensors on future phone iterations.
In the meantime, users who are concerned about security can switch off the functionality when it comes to sensitive financial transactions. While we’re all for convenience, it would not hurt to be a bit more careful and not just jump on the bandwagon of fingerprint scans and tie all of your phone’s security features to it. Remember that phones are still prone to theft and cloning. There are companies developing a self-destruct feature in the event that phones are lost or stolen.
Earlier this week, Mastercard announced that it will be rolling out cards equipped with both a security chip and fingerprint sensor. This is a promising development and a bold idea that could help answer the problem of financial security. Having two security systems instead of just one may be redundant but it is a necessary measure to keep financial and personal information secure.