Why You Should Not Use Smartphone Fingerprint Readers
While many smartphones today come with fingerprint readers, people should exercise caution in relying on these features – especially when security is important. Here are several reasons why:
- Your fingerprints are all likely all over your phone. You do hold it with your hands, right? How hard would it be for criminals who steal the phone to lift your prints and unlock the phone? No, that’s not something the average street thief looking to make quick buck might do – but if someone wants the data on your phone for whatever reason it certainly remains a viable possibility. The Discovery Channel television show “Myth Busters” demonstrated several years ago how simple it can be for someone to defeat a fingerprint authentication system. It is true that smartphone vendors claim to utilize technology that has improved since the show aired – but how certain are you of their new technology’s strength? Remember, it took only about one day for hackers to defeat the iPhone fingerprint authentication that was also supposed to be strong.
- The winter. Don’t you hate having to take off your glove to unlock your phone? Several years ago you had to remove your gloves to use your phone in general, so removing them to unlock the device was not a big deal, but with today’s smartphone-compatible gloves removing them is usually no longer necessary. Why create the need?
- It’s not a secret that there is powerful malware designed to infect smartphones. What happens if somehow your phone gets infected and malware captures your fingerprints? You won’t be able to reset them – ever. I know: theoretically it is impossible for malware to capture fingerprints because of the way smartphone fingerprint readers are designed. And that may be true on some models – but are you positive that the reader on your new smartphone was designed and implemented perfectly with no possible bugs that could undermine that protection?
- Even if the manufacturer did get the aforementioned design and implementation 100% right, how do you know that the fingerprint reader on the particular phone that you bought works the way the manufacturer designed it? You don’t think there are any criminals selling phones online that have been infected with malware? How much is personal data coupled with fingerprints worth to criminals? How hard is it to modify a phone to make the fingerprint reader work in a way that allows malware to capture fingerprints? If I have thought of it, I’m pretty sure that so have criminals whose livelihood depends on staying one step ahead of honest consumers.
- If anything goes wrong, the consequences are severe. Fingerprints are for life; if a criminal obtains a fingerprint from your phone, he or she will likely also be able to obtain other information about you (such data is all over your phone). You could be at risk for identity theft for the rest of your life, and someone might even be able to frame you for a crime that you did not commit. Yes, these possibilities seem remote or science-fiction like – or perhaps part of the plot of my upcoming novel – but keep in mind that but a generation ago most of today’s technology enabled crimes would have also made great science fiction plots.
- Do you trust your government not to demand that backdoors be added to phones in order to collect fingerprints? Some people might, others may not.
- What happens if you for some reason need someone else to unlock your phone? If you use a fingerprint to lock a phone, make sure that the device can also be unlocked with a password. (Using a password might help address winter situations as well.)
Loved the article? Can’t wait to take on the world of Information Security? Get a professional certification to position yourself at the front of the pack – and we’ve got special rates for our readers!
Find our CEH (V10)- Certified Ethical Hacker Online Classroom training classes in top cities:
|CEH (V10)- Certified Ethical Hacker||22 Dec -27 Jan 2019, Weekend batch||Your City||View Details|
|CEH (V10)- Certified Ethical Hacker||18 Jan -16 Feb 2019, Weekdays batch||Atlanta||View Details|
|CEH (V10)- Certified Ethical Hacker||26 Jan -24 Feb 2019, Weekend batch||Washington||View Details|
Recommended articles for you
Lessons for Security Professionals from the Worst Passwords...Article
Why IT Security Professionals Need a CISSP Certification - A...Article
Key Roles and Responsibilities of IT Security ProfessionalsArticle