According to Chaos Computer Club it is a resounding NO. There are aspects of using fingerprint biometrics to secure a device which I had never considered before reading this article. I would imagine that the general public assumes, as I once did, that using biometrics like fingerprint technology would be fool proof since the fingerprint is 100% unique. The problem lies not with the fingerprint itself, but with the system that the print is used to access. As with anything man made there is always a way to hack into or get around what would normally be considered supremely secure. This article points out that once that information is compromised there is no way to change your access code the way you would simply change your password if it was needed.
Apple is clearly very pleased with the iPhone 5S and although its new biometric security system TouchID seems like a neat feature at first glance, the use of biometric data for security isn’t necessarily a good idea. The problem with fingerprint scanners is that they aren’t as secure as you might think, it raises some interesting privacy issues but worst of all once your biometric information has been compromised you can’t change it. In terms of security, the Chaos Computer Club (CCC) has already shown that Apple’s TouchID can be tricked using easy everyday means. Although we are only talking about a $600 smartphone and there are easier crimes to commit than trying to lift someone’s fingerprints just so you can access their phone, the weaknesses in fingerprint scanning are applicable to every situation where they are used including on identity documents (like passports) or scanners at supermarkets. In 2007 the CCC demonstrated how to trick a fingerprint scanner at a supermarket resulting in a shopping bill being charged to someone else’s account. In 2008 the group included thin film copies of the fingerprints of the then German Minister of the Interior Wolfgang Schäuble in its club magazine. The CCC’s webpage on how to fake fingerprints was uploaded in 2004, nearly a decade ago and the techniques described remain valid today. You can easily be forced to unlock your phone against your will. Forcing you to give up your passcode is much harder under most jurisdictions than just casually swiping your phone over your handcuffed hands – the Chaos Computer Club. There are also serious privacy questions around the use of biometric data. A senior US senator has written to Apple asking the Cupertino tech giant how the fingerprint data is encrypted on an iPhone 5S, whether any diagnostic data is ever […]