Jump to body content.

Fingerprint authentication: a security risk?

Katie Newton thumbnail By Katie Newton | 12 September 2013

Kent expert in cyber security comments on Apple’s new fingerprint recognition sensors.

Fingerprint
Finger
Picture by Nick Ares. Licensed under CC BY SA

The Apple iPhone 5s features fingerprint recognition sensors to unlock the phone and make purchases, but according to a University expert in cyber security, fingerprint recognition could be subjecting users to more security risks than they realise.

Dr Eerke Boiten from the University’s Centre for Cyber Security Research, said: ‘Following recent revelations by Edward Snowden, it seems a bit unfortunate for Apple to be releasing a new iPhone with fingerprint recognition right now.

‘Security protection on mobile phones in general is weak enough that private data of all kinds can be obtained maliciously. In particular, the recent Snowden revelations suggest that the National Security Agency (NSA) can get at any data on an iPhone if it wants to, with “scripts” specifically aimed at data such as mapping, voicemail and photos. In that context, it is hard to believe that “securely stored” fingerprints could really be much better protected.

‘At first glance, adding fingerprint recognition to phones might appear to be a way of increasing security. It may entice more users to secure their phones: as it currently stands pin code security is left unused by a significant fraction of phone users. It also provides an avenue for “multi-factor authentication”, a modern and more secure way of proving your identity by not only using something-you-know (like a password) but also something-you-are (like a fingerprint).

‘However, like with many other biometrics, the consequences of a fingerprint being “stolen” are significantly worse than with a stolen password. A fingerprint being stolen could compromise all possible future uses of that fingerprint in other applications, as obviously you cannot “get a new one”.’

Dr Eerke Boiten is Head of the Security Research Group in the School of Computing, and the Director of the University’s Interdisciplinary Centre for Cyber Security Research

For more information contact Katie Newton.

Tags: Comment, Research

Follow us

@unikentnews  

Corporate Communications - © University of Kent

The University of Kent, Canterbury, Kent, CT2 7NZ, T: +44 (0)1227 764000