Nothing about fingerprint scanners on smartphones makes sense
Time and time again, I’ve found myself defending the technology of years past as it catches a second wind and starts to make inroads upon the smartphone landscape: I adore the return of the stylus on devices like the Galaxy Note (except for those big, blunt, generic capacitive styluses which rightly deserve to die in a lake of fire), I think an infrared transceiver is a versatile, inexpensive addition any phone could benefit from, and I wish FM radio tuners were as ubiquitous as Bluetooth support.
There’s one thing, though, right on the cusp of making a big comeback, that I just can’t get behind in any way, shape, or form: fingerprint scanners on phones.
If we’re to believe all the rumors and leaks, Apple could be implementing just such a scanner on the next iPhone, and there’s some evidence suggesting that Samsung has its eyes on something fingerprint-related of its own. Right now, that pair is dominating the smartphone industry, so you had better believe that any trend they get going, other manufacturers will follow. Granted, Motorola already tried to drum-up interest over fingerprints with Atrix phones (above), but either one of these companies has a whole lot more clout than Motorola ever did.
But what’s so lame about fingerprint scanning in the first place that has me spouting this kind of bile about it? Let’s start by talking about security in general.
There are a number of ways users can authenticate themselves, and a popular breakdown in the security industry is looking at these ways in terms of things you have, things you know, and things you are. For instance, a physical key (or keycard) could be something you have – a token that you could give to someone else in order to grant them access. Something you know is a password or passphrase – it can be shared just like a key, only since it’s not physical, it can be harder to control its unchecked distribution. Finally, there are things that you are – this includes iris scans, as well as our topic at hand, fingerprints.
Combining a number of these factors can lead to increased security. For instance, if you use Google’s two-factor authentication, you need something you know (your account’s password) alongside something you have (your phone, to which Google sends an authentication text).
There’s a sliding scale of trade-offs with all these different types, and “things you have” tend to be viewed with a higher regard in terms of the security they offer. After all, it’s decidedly more difficult to fake an iris scan than it is to surreptitiously watch someone typing in their password. The problem with such authentication methods is that while they can be much more difficult to fake, they’re also more difficult to verify – there’s substantially more processing power needed to authenticate an iris scan than to verify the legitimacy of a password.
More than that, when we’re dealing with physical measurement, we need to allow a certain degree of give; a key may change size on the microscopic level due to thermal fluctuations or the accumulation of dirt, and over time it’s slowly going to wear itself down. While a good lock won’t respond to the incorrect key, it should also allow for tolerances that won’t lead to the correct key being wrongly rejected.
A prime example of how this goes wrong is the face-based lock available on Android; it has to allow for tolerances so wide in order to avoid false rejections that it ultimately offers very little security.
The Fingerprint Problem
How does all of this relate to fingerprints? Well, for one, they can offer a false sense of security due to how much they seem like a “thing you are,” yet in reality they function a whole lot closer to a “thing you have.” The problem is how poor fingerprint scanners are at confirming the actual presence of a real live finger, versus just a copy of a print.
If you’re a fan of MythBusters you might have seen the team tackle this very issue, and the bottom line is that it’s relatively easy for a determined attacker to get a copy of your fingerprint (often without your knowledge), fabricate a fake, and use it to bypass a scanner with an acceptable success rate. Those accuracy problems I mentioned mean that scanners will often authenticate a “close enough” scan.
But wait – this isn’t a bank vault we’re talking about here. Who’s going to take the time to fake your fingerprints? Admittedly, the chance of such an attack seems low, but think about what your prints are protecting. Rumor has it that Apple might be tying its own system to some sort of mobile payment framework, so your finger might be the one thing standing between a crook and your bank account. Even if you’re just using it to secure your phone from prying eyes, with all the info we save on our devices, being able to break that lock becomes more valuable every day.
In the end, it’s face unlock all over again – there are a few extra steps to take, and it introduces some new constraints, but we’ve got the same problem where it seems more secure than it actually is. And you know, at least with face unlock it didn’t require any extra hardware to implement – this just seems like it’s going to add expense, take up space, and offer little benefit.
What about all that multi-factor business? Even if fingerprint scanning isn’t perfect, won’t it at least help augment the security of something like a PIN lock? I will absolutely concede this point – but that’s not how things will work on phones. At least, that’s not how it worked on the Atrix 4G and I really can’t see Apple or Samsung doing things any differently – users are going to expect that any new security for their phone is no more obtrusive than what they’re used to, and they won’t put up with needing to pause to enter both a password and scan their fingerprint.
What about practical issues? Weren’t we JUST getting to a point with smartphones where they were stopping being so picky about interactions with bare fingers? Now we’ve got gesture controls, hover events, and extra-sensitive touch sensors that work right through a pair of gloves.
Heck, maybe we didn’t even need those new sensors – when I went glove-shopping back in January, I don’t think I could find a pair that didn’t have built-in support for smartphone use, thanks to capacitive pads embedded in the fingers and thumbs. We were all ready to start keeping our hands warm all winter long while still being able to use our phones, and now there’s this new threat of needing to de-glove to authenticate hanging over our heads.
I could keep going on about the failures of fingerprint scanning at some length, but for the sake of saving any chance of brevity I’ve got left, let me wrap things up.
Fingerprint scanners on phones are not the highly secure systems they may seem to be. They ultimately offer little more security than a physical token like an NFC tag you carry on your keychain, yet introduce new cost and manufacturing concerns.
I like the idea of bulletproof phone security. I want a way to keep my phone safe that’s as simple as swiping my finger. But that’s just not what this technology offers right now, and we’d be doing ourselves a disservice by bringing it to next-gen handsets.