Biometric authentication using fingerprints is meant to both improve security and simplify the authentication UX  – but what happens when your fingerprint has been stolen?  How do you reset it?

Fingerprint spoofing

Fingerprint spoofing is not new.  It wasn’t longer after the iPhone 5S was released when the first successful demonstration of how to circumvent Touch ID was released.  The fingerprint systems of other operating systems and devices have also been hacked.

However, the process has usually been somewhat cumbersome, involving the use of  wood glue or latex to make a simulacrum of the fingerprint.

As simple as an inkjet printer

However, recent work at Michigan State University has developed a simpler technique involving nothing more than an inkjet printer and special conductive ink.

fingerprintsYou still need to acquire (ie ‘steal’?) a copy of the original fingerprint (by lifting it from a smooth surface).  But then all that is needed is to load up the printer with conductive ink and regular paper.

The result?  Digitally-transferable copies of fingerprints that can be used to circumvent fingerprint security systems.  Have a look at the video to see it in action.

Security is still high

Now this is not the end of the world (yet); fingerprint security is still strong:

  • anything is better than the ongoing use of simple passwords like 1234 and password
  • the technique requires the fingerprint to be acquired in the first place
  • you can’t do this remotely:  to make use of the technique you need to have physical access to the device

Concerns that arise

However, it highlights a couple of concerns for me.

Firstly, the theft and trade of confidential financial information (credit card details, internet banking logins, etc) is widespread.  So it doesn’t take too much imagination to contemplate an equivalent trade in fingerprints.

Secondly, and more worryingly, once your fingerprint has been stolen, what do you do?  The overriding virtue of a password is that its changeable –  but you can’t reset a fingerprint.  So what happens then?  I rather like my fingers as they are.

 

One thought on “My fingerprint’s been stolen! How do I reset it?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s