Why You Should Not Use Smartphone Fingerprint ReadersLast updated on February 04, 2016
While many smartphones today come with fingerprint readers, people should exercise caution in relying on these features — especially when security is important. Here are several reasons why:
- Your fingerprints are all likely all over your phone. You do hold it with your hands, right? How hard would it be for criminals who steal the phone to lift your prints and unlock the phone? No, that’s not something the average street thief looking to make quick buck might do — but if someone wants the data on your phone for whatever reason it certainly remains a viable possibility. The Discovery Channel television show “Myth Busters” demonstrated several years ago how simple it can be for someone to defeat a fingerprint authentication system. It is true that smartphone vendors claim to utilize technology that has improved since the show aired — but how certain are you of their new technology’s strength? Remember, it took only about one day for hackers to defeat the iPhone fingerprint authentication that was also supposed to be strong.
- The winter. Don’t you hate having to take off your glove to unlock your phone? Several years ago you had to remove your gloves to use your phone in general, so removing them to unlock the device was not a big deal, but with today’s smartphone-compatible gloves removing them is usually no longer necessary. Why create the need?
- It’s not a secret that there is powerful malware designed to infect smartphones. What happens if somehow your phone gets infected and malware captures your fingerprints? You won’t be able to reset them — ever. I know: theoretically it is impossible for malware to capture fingerprints because of the way smartphone fingerprint readers are designed. And that may be true on some models — but are you positive that the reader on your new smartphone was designed and implemented perfectly with no possible bugs that could undermine that protection?
- Even if the manufacturer did get the aforementioned design and implementation 100% right, how do you know that the fingerprint reader on the particular phone that you bought works the way the manufacturer designed it? You don’t think there are any criminals selling phones online that have been infected with malware? How much is personal data coupled with fingerprints worth to criminals? How hard is it to modify a phone to make the fingerprint reader work in a way that allows malware to capture fingerprints? If I have thought of it, I’m pretty sure that so have criminals whose livelihood depends on staying one step ahead of honest consumers.
- If anything goes wrong, the consequences are severe. Fingerprints are for life; if a criminal obtains a fingerprint from your phone, he or she will likely also be able to obtain other information about you (such data is all over your phone). You could be at risk for identity theft for the rest of your life, and someone might even be able to frame you for a crime that you did not commit. Yes, these possibilities seem remote or science-fiction like — or perhaps part of the plot of my upcoming novel — but keep in mind that but a generation ago most of today’s technology enabled crimes would have also made great science fiction plots.
- Do you trust your government not to demand that backdoors be added to phones in order to collect fingerprints? Some people might, others may not.
- What happens if you for some reason need someone else to unlock your phone? If you use a fingerprint to lock a phone, make sure that the device can also be unlocked with a password. (Using a password might help address winter situations as well.)
Loved the article? Can’t wait to take on the world of Information Security? Get a professional certification to position yourself at the front of the pack — and we’ve got special rates for our readers!
This article talks about why one must not use smartphone fingerprint readers by cyber security expert, Joseph Steinberg.
The author is the CEO of SecureMySocial, is a renowned cyber security thought leader and author of several books on the topic, including (ISC)2’s official study guide for the CISSP-ISSMP exam. Recognized by Onalytica as one of the top cyber-security influencers in the world, he is also the inventor of several IT Security technologies widely-used today; his work is cited in over 100 published US patent filings. He is also one of only 28 people worldwide to hold the suite of advanced information-security certifications, CISSP, ISSAP, ISSMP, and CSSLP, indicating that he possesses a rare, robust knowledge of information security that is both broad and deep.
Originally published at www.simplilearn.com.