It’s the security technology of the movies: you press your thumb to a button, it reads the print, and you’re in. This kind of security is not just for the movies anymore, though. Biometric security, the use of biological characteristics in security, now exists in everyday technology, like your phone.
There are no complicated passwords or keys involved, and you have access at the tip of your finger. It’s an incredible advancement in basic device security, but how secure is this system? Some would say that the “cool factor” of fingerprint identification veils some more sinister security flaws, and your fingerprint could increase your vulnerabilities to identity theft.
According to Yahoo Tech, these fingerprint systems can be hacked pretty easily. German hacker Jan Krissler explained to the news service that all it takes is a photograph of the person’s hand. Krissler demonstrated this at German hacking group Chaos Computer Club’s annual convention, held in Hamburg in December 2014. He showed the group how he could use a photograph of German defense minister Ursula von der Leyen’s hand taken from three meters away at a news conference to recreate her fingerprint using a software called VeriFinger, which allowed him access to her phone.
While Krissler demonstrated this more sophisticated and complex method on an individual basis, it can also be used to hack biometric systems used across millions of devices, like Apple’s for instance. In September 2013, just days after Apple released its first fingerprint security-enabled device, hackers claimed to already have breached the system using the “fake fingerprint” method. According to Marc Rogers, the principal security researcher for mobile security firm Lookout, Apple hasn’t done enough to address this concern. The following year, when Apple released the iPhone 6 and 6 Plus the following year, the devices’ improved TouchID security still faltered against fake fingerprints.
“Sadly there has been little in the way of measurable improvement in the sensor between these two devices,” Rogers explained in a blog post. “Fake fingerprints created using my previous technique were able to readily fool both devices.”
One major concern about biometrics security is that, unlike passwords, fingerprints cannot be reset. Once hackers have access to your fingerprint, they could have access to a lot of other personal information, and they could potentially keep using your fingerprint for fraud for a long time. The only one way to make sure that your print not useful to them is by not using it in your device security. Forbes magazine also pointed out that certain jurisdictions say police have the right, without warrant, to force you to unlock your phone if its secured with a fingerprint, but they don’t have that right if the device is secured with a password.
It’s important for consumers to be as vigilant as possible in their personal security. That means avoiding oversharing, changing passwords often and becoming knowledgeable about our risk levels. The security of your phone doesn’t just affect your privacy, it can also open the door to ID theft .
Take a proactive approach to guarding both your privacy and identity is to sign up for Identity Guard’s Total Protection. This is just one of the plans that Identity Guard offers that includes credit monitoring, which can alert you to certain activity on your credit files that may indicate fraud.
Taking charge of protecting your identity and privacy can be very empowering—remember taking a proactive approach is your best bet when it comes to protecting your identity, privacy and security.