Top Stories

Potential security flaw with fingerprint ID on cellphones

NEW YORK — A thumbprint may seem simpler and more secure than a passcode or password.

But one of the nation's top computer scientists says he has discovered a security flaw with the kind of fingerprint identification technology often used to lock cellphones.

We traveled to New York University to interview engineering professor Nasir Memon, who says he has found a way to use synthetic fingerprints to trick touch identification systems.

"We found (finger)prints that can match 20, 30, 40 percent of the time," Memon said.

Cellphone readers are not looking at the entirety of a fingerprint.

Instead, the readers examine small, less-distinct sections of multiple fingers, making it easier for Memon to fool touch ID readers.

His team says a savvy criminal could create a glove with five artificial fingerprints to hack into phones.

TRENDING NOW:

"It's not easy for just 'Joe on the street' to do it, but for a powerful adversary, they just have to do it once," Memon said.

He has not yet tried to hack actual cellphones.

That's a flaw in his research, according to Brenda Leoung.

She watches out for security weaknesses at the Future of Privacy Forum.

"That's not the way most fingerprint technology actually works," she said.

Apple, Google and others technology companies are likely matching hundreds or even thousands of data points on those tiny slivers of fingerprints, making phones more secure, she said.

"We feel like the security of these devices is pretty strong," Leoung said.

Even the team at NYU is not suggesting you disable your thumbprint ID.

Memon still uses his touch ID to unlock his phone, but says a PIN is much more secure.

Apple and Google did respond to our requests for comment.

 

Cox Media Group

0
Comments on this article
0

Most Read