Fear, Uncertainty and Doubt About Fingerprints
How Secure Are Fingerprint Sensors?
Ever since Mythbusters famously debunked consumer-level fingerprint sensors there has a been a rush to be the first to report a new vulnerability. In principle, this is great because it increases security. However, it does seem like it is starting to approach hysteria levels and I wonder if the media is projecting a level of trust in biometrics that isn't really common among the general population.
In April of 2017, the New York Times ran an article detailing a potential vulnerability of the inexpensive fingerprint sensors used in Apple and Android phones. Here is the lead-in quote:
In computer simulations, the researchers from the universities were able to develop a set of artificial “MasterPrints” that could match real prints similar to those used by phones as much as 65 percent of the time. (emphasis mine)
If I didn't have to read this stuff because of my job, I would have stopped reading right there because simulations and biometrics don't exactly inspire me with confidence. The idea presented in the research is interesting, however. Basically, fingerprint matching works by comparing features of the fingerprint that are located at an X,Y position and at a certain angle.
In the large-scale systems we work with, a fingerprint match typically contains thirty or more matching feature locations. For a tiny sensor on a phone they are going to have to match with a much smaller set of points - maybe ten or less.
Fewer points/smaller section of fingerprint translates to a higher probability of false matches. For a large scale system, the probability of false match is typically 1 in 100 million or better. Apple clams the fingerprint sensor on their phone has a false match probability of 1 in 50,000, which sounds reasonable for that kind of sensor. The researchers claim to have found a sort of "master key" set of templates which can make it much more probable than 1 in 50,000 that their fingerprint will be acceptable.
I can see how this might be possible, but without being able to test on the hardware itself it is literally impossible to validate. Apple/Samsung/etc would have to be involved in this test to establish this potential vulnerability and I suspect they are doing their own tests that are more complex than a simulation. Furthermore, phones lock and require a PIN after 3-5 tries anyway. This kind of attack is going to be extremely limited even in the best possible case.
But the bigger picture here is the view that somehow security has to be perfect to be useful. The only perfect security I know is strong encryption, and that may be vulnerable to quantum computers someday. But biometrics are tied to probabilities. As a biometric skeptic I am more than happy to entrust my sensitive banking information to a 1 in 50,000 false match rate with a 5 retry limit. That is WAY more secure than using my credit card at a restaurant where the waitstaff takes it out of my sight and could easily skim it.
I never used a PIN on my phone because it takes too long to unlock it the 30 times a day I need to open my phone. But I do use the fingerprint sensor because it is just as fast as the power button. Fingerprint sensors on phones may not be perfect, but I guarantee they are more secure than leaving your phone unlocked, and likely more secure than 99% of the information you protect everyday.