fingerprint-scanner Apple is clearly very pleased with the iPhone 5S and although its new biometric security system TouchID seems like a neat feature at first glance, the use of biometric data for security isn’t necessarily a good idea. The problem with fingerprint scanners is that they aren’t as secure as you might think, it raises some interesting privacy issues but worst of all once your biometric information has been compromised you can’t change it. In terms of security, the Chaos Computer Club (CCC) has already shown that Apple’s TouchID can be tricked using easy everyday means. Although we are only talking about a $600 smartphone and there are easier crimes to commit than trying to lift someone’s fingerprints just so you can access their phone, the weaknesses in fingerprint scanning are applicable to every situation where they are used including on identity documents (like passports) or scanners at supermarkets. In 2007 the CCC demonstrated how to trick a fingerprint scanner at a supermarket resulting in a shopping bill being charged to someone else’s account. In 2008 the group included thin film copies of the fingerprints of the then German Minister of the Interior Wolfgang Schäuble in its club magazine. The CCC’s webpage on how to fake fingerprints was uploaded in 2004, nearly a decade ago and the techniques described remain valid today. You can easily be forced to unlock your phone against your will. Forcing you to give up your passcode is much harder under most jurisdictions than just casually swiping your phone over your handcuffed hands – the Chaos Computer Club. There are also serious privacy questions around the use of biometric data. A senior US senator has written to Apple asking the Cupertino tech giant how the fingerprint data is encrypted on an iPhone 5S, whether any diagnostic data is ever […]
Click here to view original web page at Why fingerprints shouldn’t be used for security