Now that the hackers who almost immediately bypassed Apple’s new fingerprint security have shown that they can even break in using a fingerprint taken from a photograph of the user, we might want to take the biometric innovations displayed at CES with a grain of salt. However, the need for better security is going to keep companies investing in biometrics until a solution is found that is secure enough to make someone very rich.
The Problem With Fingerprints
Fingerprints might have seemed like a good idea for biometric security. After all, we have been using them for years to solve crimes, so we feel we can rely on them to identify us correctly, and we have seen plenty of imagined futures in sci-fi where characters unlocked doors and vaults with their fingerprints or a quick iris scan. However, the ease with which fingerprint based biometrics have been breached reveals some of the problems with relying on fingerprints, or even on biometric security in general. In those futuristic thrillers, the only way to get around the security often turned out to be getting hold of the finger, but in reality, it can be enough to have a photograph of the fingerprint.
Our fingerprints might be unique, but they are not secret. We leave them everywhere we go, which makes them great for crime-solving, but not so useful for security. Our fingerprints are also permanent, which means that we are permanently hacked if our fingerprints our stolen. We can‘t simply change to a new password, although we would of course have ten chances to create an identifying print if we gave each of our fingers a turn. Fingerprint security also poses another possible issue, as some courts are willing to rule that a suspect can be compelled to use their fingerprint to unlock a device, but not to produce their password.
Some of the issues with fingerprint security could be circumvented by using other forms of biometric identification, ones that might be less easy to steal or reproduce. Companies around the world are currently experimenting with a wide range of different types of identifying information.
One option that is generating some interest at CES 2015 is facial recognition for identifications purposes. The Welcome Home camera being exhibited by Netatmo does much more than identify faces in a photo, it can actually be set up to recognize trusted individuals and contact the owner if it spots anyone else nearby. The technology is currently designed for home security rather than unlocking devices, but it shows how far facial recognition has come, and it might be harder, although as Madame Tussauds shows, not impossible, to copy someone’s whole face rather than simply their fingerprint.
Another intriguing possibility is the use of scent for identification. Dogs are able to tell the difference between everyone but identical twins, based on the way they smell, so scent could be a unique identifier if the technology can match this ability. If the accuracy of fingerprint recognition could be matched, odor could also be a very difficult characteristic to copy, unless you were hacking into your identical twin‘s device. However, it might be difficult to create a compact sensor that could check it without being affected by any surrounding or masking odors.
We can expect to see many different types of identifiers being proposed for use in the future, as well as plenty of companies, like Synaptics, which is exhibiting its Natural ID and SecurePad technology at CES 2015, still betting on fingerprints. However, we may have to look elsewhere for reliable security. No matter how unique or difficult to imitate a physical identifier is, there may simply be too great an incentive to break any biometric security system that relies on it.
Beyond Physical Biometrics
The solution might be to look instead for other ways of identifying people. Rather than relying on physical characteristics, we might be able to identify people through their behavior, which might be harder to replicate. One such method that is currently being developed would learn to recognize people according to the way they interact with their touchscreens. Another possibility is to use objects as identifiers, with the hope that anyone trying to break into a device would not be able to access both it and the object that unlocks it. Fingerprints and other physical identifiers could still have a role to play in providing security, but they may need to be used alongside these other methods, as well as the traditional password. However, as well as continuing to fight crime, fingerprints could still have other applications that might be even more important than protecting our devices. Their uniqueness and permanence might make them the ideal way to track childhood vaccinations in the countries where they are most needed and hardest to provide.
This is a freelance article from Gemma Hartson.
- Apple Pay: Will New Fingerprint Technology Keep Your Money Safe, Money
- Fingerprint Biometrics hacked again, Chaos Computer Club
- Why fingerprint scans may not be the future of digital verification, Andrea Peterson, The Washington Post
- Biometrics Security Considerations (PDF), Systems and Network Analysis Center Information Assurance Directorate, NSA
- SecurePad: Coming to a Notebook Near You, Synaptics
- Samsung Galaxy S5: Busting the Biometric Myths, Synaptics
- Body odor as a biometric identifier Universidad Politécnica de Madrid
- Continuous Smartphone Authentication Based On Hand Motion Parameters
- Scanning Babies’ Fingerprints Could Save Lives, Kim Ward and Anil Jain, Michigan State University