News, Security

RKN Global on Fingerprint Security & Mobile Phones

Posted on


Two well-known electronics manufacturers recently developed a mobile phone that accepts users’ fingerprints as a pass-code which can be used to unlock their phones and make purchases. While this form of technology is certainly very impressive, security issues have been highlighted. We tend to think that our fingerprints are unique, and that no-one in the world has a fingerprint exactly the same as ours. Although this may be the case, recent research has shown some similarities between fingerprints that can cause issues.

The issue centers around the fact that the systems used in fingerprint authentication do not capture the full fingerprint; instead the systems in question store certain parts of the fingerprint rather than all of it.  It is this feature that is thought to cause an issue, and allow between 26% and 65% of synthetic partial prints to successfully unlock phones. This, however depends on how many different fingerprints the owner of the phone has stored on his or her device.

This could potentially mean that hackers may be able to gain access to mobile phones, and thereby go on to read emails, access social media accounts, and even purchase products from online music and video stores.

Ronald Noble, founder of RKN Global, urges anyone who uses fingerprint technology to access their phones to do so with caution. Limiting the number of fingerprints stored on the handset may reduce the likelihood of phones being accessed by hackers.

Worryingly, those with Apple devices may be able to use their phone to pay for goods in stores. Users simply need to hold their phone close to the card reader before authenticating the purchase by allowing their phone to scan their fingerprint. This is certainly impressive technology, but a worry is that fingerprints can be copied. A copied or similar fingerprint may mean a stolen handset could be used to make purchases using money that belongs to the true owner of the phone.

Often, fingerprint recognition technology has backup systems in place. Indeed, some handsets allow users to erase the data on their phones after 5 – 10 incorrect attempts to unlock the phone. This feature could allow users to protect their handsets and their data should their phone fall into the wrong hands. Another way users can protect their handsets is a feature that requires users to key-in a passcode if the device is restarted.

A way to ensure that handsets are further protected from fraudsters is to avoid using fingerprints for transactions. This makes it less likely for money to be stolen from bank accounts or stolen and used to purchase goods in stores or online.

Let’s imagine for a few moments that I can create synthetic partial prints, and use them to unlock your phone. I could then gain access to your social media data, your emails, and some if not all of your online shopping accounts. I could change the delivery address and email so that I receive the goods in question while sending you the bill. I could also walk into a wide range of stores that now accept Apple Pay, for example, buy a weeks’ worth of groceries, a new TV, or anything I like, and charge it all to you. And I can do this, just by using a synthetic fingerprint that looks more or less like yours.

Keeping our phones safely away from thieves and fraudsters should be a priority. Huge changes in technology in recent years have brought with them security concerns about threats that could drain bank accounts within moments.  All is not lost, though. Users of the latest range of smartphones can take steps to keep their data safe; these include using a pin/pass-code and a fingerprint, if possible. Other steps can include:

Using a long pass-code – This will help to deter anyone who wants to gain access to your phone. A pass-code that contains both upper case and lower case letters in addition to numbers will make it harder to crack.

Turn off auto-fill – As handy as this feature may be, it can ultimately make anyone using your phone aware of your contact details. Auto-fill typically stores your name, address, password, and even bank details if you wish it to, so that you don’t have to fill those details in the next time you fill out a form. Keep your information a little safer by turning off the auto-fill function.

Limiting the number of stored fingerprints – While it may be tempting to store a few fingerprints in your phone so you can gain access to them when need be, the more fingerprints you have stored on your phone, the more vulnerable it is. It may therefore be wise to store just one or two fingerprints on your phone in order to limit access to any stranger who tries to unlock it.

RKN Global’s founder, Ronald K. Noble, emphasizes how important it is to keep personal data safe, and suggests keeping mobile phones as safe as you would keep your bank account details.

Thankfully, security continues to advance, and hopefully phone manufacturers will soon be able to develop a fingerprint scanner that is more secure, and less likely to unlock handsets for those who shouldn’t have access to them.

Continue reading