With smartphones companies allowing people a convenience to perform multiple tasks and purchase transaction over their phone, also opens the door for hackers, intruders and other costly exploits that you might have not been known to.
And, especially when the news broke out by researchers that I have covered in the section below, found out easy ways to create fake fingerprints to fool a smartphone fingerprint reader.
On the flip side, a market research firm IHS claims approximately the number of fingerprint sensors embedded in smartphone devices is expected to grow from 316 million in 2014 to 1.6 billion in 2020.
Popular brands like Apple, Android, and Samsung are making it easy for people to perform crucial transactions- fingerprints authentication is no longer limited to unlocking phones. It can also be used to make mobile payments and even authenticate bigger settlements that include large bank transfers too.
So the question you need to ask yourself: is it really safe to use fingerprint scanner technology to unlock your phones, especially when you store your personal and sensitive data on it?
Fingerprint scanner technology being one of the most convenient ways to unlock phones, has been around since the year 2000 for login-authentications and identification to computer access.
Today, this biometric technology allows you to secure your smartphones access too!
If you are already using fingerprint recognition to get into your phone data, might not be secure as you may think.
The biometric sensors embedded in smartphones are generally small and therefore the resulting images are limited in size.
To compensate, such devices often acquire multiple partial impression of a single finger during enrolment to make sure at least one of stored templates matches successfully for authentication.
This was claimed by researchers from New York University and Michigan State University in an abstract that was carried out to explore the possibility of generating a “MasterPrint” that can match on or even more stored templates for a significant number of users.
Evolution of fingerprint recognition for smartphone users
Back in 2011, Motorola Atrix 4G users were the first among the other smartphone owners to adopt the fingerprint security function over their phones.
Later in 2013, Apple iPhone 5S offered its users with an ability to use their fingerprints for multiple phone security purposes. Immediately a month later, HTC launched the One Max with also included fingerprint recognition.
Following the above brands, Samsung released the Galaxy S5 which offered fingerprint sensors on the home button.
With the popularity of the biometric sensors among smartphone users- many cheaper brands offered the technology as of December 2015, including $100 UMi Fair.
Samsung later added this security authentication services for its mid-range A-series smartphones.
Two years after the launch of Apple iPhone 5S, the brand introduced an even faster Touch ID fingerprint sensor with iPhone 6s.
Later in 2016, OPPO Electronics claimed to introduce to the fastest fingerprint recognition to unlock the F1s model in 0.22 seconds.
Kinds of fingerprint patterns to understand one of yours
Fingerprint has three ridges that are known as:
- Arch: similar to its name, the ridges of this pattern enter from the side of the finger, a rise in the center forming an arc, and exit from the other side of the finger.
- Loop: the ridges of this pattern enter from one side of the finger, create a curve, and then exit on the same side.
- Whorl: the ridges of this pattern from circularly around a central point of the finger.
Scientist claim there is an increasing number of chances that family members share the same general fingerprint, however, as per Apple’s Touch ID security site- every fingerprint will have a unique template, therefore, it’s rare that for a small section of two separate fingerprints are alike to match.
The probability of this happenings is 1 in 50,000 with a single enrolled finger. With five unsuccessful fingerprint match attempts a password will be asked, and the possibility of guessing the 4-digit pin code is 1 in 10,000.
For Google’s latest Android compatibility, the fingerprint sensor must have a false acceptance rate not higher than 0.002%.
The usage of fingerprints via smartphones
For those who typically use the fingerprint scanner to unlock their phones, it is being configured for other functions like:
Managing app access
This means you can hide certain apps with fingerprint authentication to secure your Whatsapp messages, personal images, email, calendar and more.
Faster Google Play purchases
This means you can ease and secure your paid app-purchase transactions over Google Play Store.
From the settings tab, select for “fingerprint authentication” to avoid the password prompt for confirming your favorite app purchases.
This is a mobile payment system that allows payment authentication via fingerprint on Samsung Galaxy smartphones.
This offers an ability to simply tap on the fingerprint sensor, instead of tapping on the screen for clicking images from your phone.
Fingerprint spoof attack examples
Spoofs are being produced over time by experts that showcase how fingerprint authentication is being attacked with the use of ink and paper.
This video shows presented by Kai Cao and Anil Jain showcases the hacking of fingerprint authentication on mobile phones using self-created printed fingerprints.
This video highlights how other flaws in iPhone 5S are exposed that – when combined with Touch ID’s vulnerability to fingerprint spoofing- allow access to the phone.
This video demonstrates the flaws of fingerprint authentication in the Samsung Galaxy S5 that exposes the user’s device, data, and even payment transactions.
Should you really be worried?
There are many hurdles for the attacker to access your fingerprint authentication- they’ll have to create multiple templates of “Master Prints” to match and mimic a real human finger.
Considering the security measures to eliminate the risk of fingerprint authentication exploitation - iPhone 6S incorporates a second-generation Touch ID sensor that is up to twice as fast as the first- generation sensor found in iPhone 5S, e and SE phones.
The iPhone 5s has also moved slightly beyond the capabilities of earlier touch sensors: It provides a higher resolution image and – as far as initial experiments can tell – this makes it difficult for the fingerprint authentication attack.
Fingerprint authentication sensor can surely eliminate the risk of forgetting complex passwords or passcodes to enter your mobile phone, as it is something to do with a human body which cannot be lost.
However, at the same time, you should enable all security measures available to keep your data and personal information away from hackers.
Additionally, you can always switch over to other authentication mobile solutions that include:
Mostly available for every smartphone- users can set a 4- digit passcode to unlock their phones.
This can be the most secure biometric method, because even if your phone gets lost and unable to crack your code- your data is safe and cannot be manipulated.
Downside: There may chances when you forget the PIN code and on performing several attempts your phone will get locked which will require a factory-reset. However, if you choose a reset option, you probably give up your data stored on your device.
This can eliminate the need of having to remember difficult codes or alphanumeric passwords- as you create your own pattern through a grid of nine dots. And, the best part is you can create new patterns with time to ensure security.
Downside: There may be chances when you forget the pattern and your phone will ask you for a hard reset. In this case, your existing data will not be recovered.
Offered by most of the popular mobile companies, IRIS Scanner is one of the trending and secure biometric method for unlocking phones.
Downside: The only hassle is to ensure proper light on your eyes, especially in direct sunlight. The most recommended way is to hold your phone close to your eyes.
Available with a number of Apple and Android smartphones, Face unlock is an interesting biometric method alternative to leaving your phone in Swipe to unlock mode.
Downside: There may angles and distance that are calculated while performing a face recognition and can be slow. Also, the amount of light will determine the chances of your phone being unlocked.
Fingerprint Biometric method is rapidly being introduced by popular smartphone brands. Whether in this generation or an upcoming one, whether it’s Apple, Samsung, HTC or even Motorola- someone will surely figure out on how to implement fingerprint authentication without being hacked.
Will Fingerprint biometric method be a good way to secure a phone? Sure, it will when mobile brands merely stops attacker/hackers to get into your data simply by building physical phones with extra security measures.
I myself use a fingerprint pattern to unlock my Samsung Galaxy J7 Prime- however never encountered an attack. Maybe, because I’m not a recognized firm, educational organization or even government entity that deal with important data and files via smartphones.
Either way, the safety of your phone authentication will depend on the makers to boost device security!
Author: Anil Parmar
Anil is the co-founder of Glorywebs, a custom mobile app development agency that aims to help clients with web design, web development, digital marketing and more. Websites, mobile apps & plugins we develop have a common # 1 goal: Keep it as simple as possible for end users. Find him on Twitter @abparmar99 & say Hi!