Fingerprint is the easiest way of securing your phone. No PINs required, no passwords or patterns to be remembered. It’s just the unique (not even identical twins share same fingerprints) structure of lines on your thumb or fingers that keeps your identity and data concealed. If you are also one of those who diligently worship the fingerprint, it is time think again.
I wonder if phone has its etymological roots in the word “phoney” as I am warned by a stream of articles online about the raging concerns over the security of fingerprint, especially the ones embedded in our phones. Nearly 40 percent of the phones in use today have a fingerprint scanner as their primary lock and authentication unit. Apple’s renowned TouchID has set the foundation for fingerprint-based transactions, thanks to its Apple Pay technology. The question remains “are fingerprints really as secure as we thought they were?” The obvious answer is “No” and we delve further into why’s and how’s of it.
There are typically two most popular types of fingerprint scanners – Optical and Capacitive. Optical scanners, as we traditionally see being used for staff attendance in the office, use a two-dimensional image of the thumb to analyse the print of the finger. The sensor at the bottom captures a detailed and high-contrast picture of ridges (fingerprint lines) on the finger to match with its database.
On the other hand, capacitive fingerprint scanners deploy a series of tiny capacitors to generate an electronic image of your finger. Human skin, being a conductor of electricity, conducts only through the ridges while the space between them can be treated as air, thus forming a thorough image of the finger.
While these technologies are (mostly) adept in the art of recording, indexing identifying the thumb, tricking them has become a piece of almost every techie’s cake. Vkansee, at CES Las Vegas for successive years now, has been smashing the faith in fingerprint security. Russell Brandom reports for the Verge that this year at CES 2017, it was a dental mold with some play dough and decent amount trial and error. Another such attempt we see is a 3D printed finger made by Centre for Identification Technology Research (CITER), Clarkson University, New York. This 3D printer impression can be worn over any finger and be used as a fingerprint.
The risk is further aggravated in the case of Android, owing to its open-platform. Android allows users to get snazzy with their looks, themes, icons and in this effort sabotages the security of Android phones. Paul K. of PhoneArena calls Android a “double-edged sword” for this reason. Apple devices, on the other hand, are capable of being turned into “paperweights” on being stolen. As soon as the user reports the loss of their device via “Find My iPhone (or iPad)” app, the stolen iDevice gets locked and literally unusable for the unsolicited buyer. Thanks to the iCloud Account Security. On the contrary, users can only wipe their Android phones using the Android counterpart of Find My iPhone app – Android Device Manager – letting thieves use your phone afterward. This makes Android a lesser favourite among the technologically conscious.
Fingerprint breaches aren’t anything new. The New York Justice Department uses Criminal Justice Information System-Offender Based Tracking System (CJIS-OBTS) to keep a log of all convicts, and deletes information about those not guilty. “Can Prints Lie?” published by New York Times journalist Benjamin Weiser on May 31, 2004 reported how records of one person were swapped with another. The misplaced fingerprints of Leo Rosario, a drug-dealer resulted in the deportation of Rene Sanchez, an auto-body shop worker, without even slightest of physical resemblance.
The incident was deemed inadvertent by the Connecticut Law Enforcement officials, but rising smoke leads to suspense and mistrust. This was a specific case among a series of incorrect convictions between 1998 and 2002 by the Connecticut Law Department.
A July 2015 statement by Office of Personnel Management in the USA reported theft of over 5.6 of total 21.5 million fingerprints and the associated employment history, Social security numbers, and addresses of federal employees. Fingerprint being unique, but same for every security lock, make them the most favorable piece for hijackers. Unlike PINs and Password, you cannot change your thumb impression.
A recent incident emerged where Japan’s National Institute of Informatics (NII) warned users to not upload selfies with “peace” symbol, the most preferred selfie hand gesture, as this could lead to theft of fingerprints. Thieves can easily replicate your fingerprints if the picture is well-focused and brightly lit and researchers at NII demoed it, as well.
Fingerprints are intrinsically windows to personal identity and can lead techie thieves to dupe you of nearly everything protected by fingerprint. While molds of your fingerprint may not be as valuable, fingerprint molds of imminent leaders such as Barack Obama, Narendra Modi or Benazir Bhutto can be a treasure for many scavengers. At the same time, we see Aadhar and fingerprint-based UID emerging as a recognition of our identity. Fingerprints can be easily stolen as we leave them almost everywhere – they are still the heroes of our forensic investigations.
While protecting our fingerprints from being stolen is another face of the coin, innovators in the world are ardent on fool-proofing the security of these fingerprint scanners. Find out how these new innovations function.