Biometric authentication using fingerprints is meant to both improve security and simplify the authentication UX – but what happens when your fingerprint has been stolen? How do you reset it?
Fingerprint spoofing is not new. It wasn’t longer after the iPhone 5S was released when the first successful demonstration of how to circumvent Touch ID was released. The fingerprint systems of other operating systems and devices have also been hacked.
However, the process has usually been somewhat cumbersome, involving the use of wood glue or latex to make a simulacrum of the fingerprint.
As simple as an inkjet printer
However, recent work at Michigan State University has developed a simpler technique involving nothing more than an inkjet printer and special conductive ink.
You still need to acquire (ie ‘steal’?) a copy of the original fingerprint (by lifting it from a smooth surface). But then all that is needed is to load up the printer with conductive ink and regular paper.
The result? Digitally-transferable copies of fingerprints that can be used to circumvent fingerprint security systems. Have a look at the video to see it in action.
Security is still high
Now this is not the end of the world (yet); fingerprint security is still strong:
- anything is better than the ongoing use of simple passwords like 1234 and password
- the technique requires the fingerprint to be acquired in the first place
- you can’t do this remotely: to make use of the technique you need to have physical access to the device
Concerns that arise
However, it highlights a couple of concerns for me.
Firstly, the theft and trade of confidential financial information (credit card details, internet banking logins, etc) is widespread. So it doesn’t take too much imagination to contemplate an equivalent trade in fingerprints.
Secondly, and more worryingly, once your fingerprint has been stolen, what do you do? The overriding virtue of a password is that its changeable – but you can’t reset a fingerprint. So what happens then? I rather like my fingers as they are.