Prefer to listen to this piece?
"There's nothing more secure than a fingerprint scan, right?"
For offering us access to our most sensitive data, either for work or personal use, our mobile devices are a fairly unsecure portal in our pockets. While most modern mobile phones and tablets now come out of the box with fingerprint readers, these still have their weaknesses when it comes to guarding data from malicious threats. In this piece, we’re going to look at the strengths and weaknesses of fingerprint scanners on mobile devices.
The Strengths of Fingerprint Mobile Device Locks
- A fingerprint reader on a mobile device allows the device owner to use their own fingerprint as a means of authenticating their identity and gain access to the device. The advantages of a fingerprint reader or scanner are fairly straightforward.
- No one can “steal” your fingerprint short of stealing your finger (ouch).
- This authentication method also allows for quick, intuitive access to your mobile device.
- This quick access also means that there are no passwords, pins, or patterns to remember in order to gain access to a device.
The Weaknesses of the Fingerprint Mobile Device Locks
Fingerprint scanners and sensors would seem completely impenetrable. Well, they certainly aren’t. As much as we’d like to believe that our mobile device fingerprint scanner is on par with that of the vault-door fingerprint scanners we see in the movies, usually allowing our protagonist access to a highly secure government building, most are not on this fictitious level of security.
Fingerprint Scanners Using “Master Prints”
In order to keep costs low, many mobile device manufacturers install substandard fingerprint scanners that aren’t nearly as selective as we imagine them to be. Many of these substandard scanners don’t use every nook and cranny of your fingerprint in order to authenticate your identity, but rather identify a handful (no pun intended) of characteristics that may be present in a wide array of fingerprints. These similar shapes are called “master prints” and may match multiple people’s fingers.
In addition to this, multiple fingers may be scanned in order to make authentication more convenient. While handy for users, it increases the chances of granting false authentication. In order to test these systems, researchers at the University of Michigan created false prints based on master prints and gained access to fingerprint scanner systems as much as 65% of the time. Before you go worrying too much, know that these researchers were not testing these scanners on actual phones and claimed that real-life scenarios would make gaining access to a mobile device in this way much more difficult.
Unlocking Phones Using Fingerprints of the Incapacitated
For the sake of argument, let’s say that hacking the fingerprint sensor on a phone is virtually impossible — what happens if someone tries to unlock your phone with your own finger while you are incapacitated? Oddly enough, this has occurred, though typically not in scenarios involving bandits armed with chloroform-soaked rags. Most of the time, those attempting to gain access to devices are law enforcement agents attempting to gain access to the mobile device of incapacitated or even deceased suspects in a search for evidence. Not only can an incapacitated person’s finger typically unlock their phone, but it may also even be legal for law enforcement to obtain evidence in such a way that doesn’t violate the Fifth Amendment’s ruling against illegal search and seizure.
Despite this, most law enforcement agents still seek warrants before doing so in order to conduct thorough, ethical investigations. What about in the case of the deceased? Unlocking the phones of the deceased with their fingerprints has been more difficult for law enforcement for two reasons.
- Firstly, when most phones are turned off or the batteries run out (usually within 48 hours), a passcode is typically required to access their main systems rather than a fingerprint.
- Secondly, most fingerprint scanners also require electric connectivity for a fingerprint to unlock a device — something that the fingerprints of the deceased lack.
With all of that being said, your phone is more likely to be unlocked by one of your mischievous nephews using your finger while you are taking a nap in order to play a video game. This would imply that they are extraordinarily nimble and you are a very heavy napper.
How Fingerprint Scanners Can Take You out of a Secure Frame of Mind
Just like in a secure workforce, the primary threat to your cybersecurity is yourself. When you grow accustomed to using a fingerprint scanner to unlock your device, the unlocking gesture can become so second nature that you forget to protect the security of your device. Because you did not manually enter a code or swipe a pattern to unlock your phone, security is not front of mind. This reflexive unlocking may cause you to forget to guard sensitive details on your phone screen from wandering eyes or even to thoroughly lock your phone when not in your possession. Even the most robust fingerprint scanner cannot protect you from your own negligence.
Tips for Increasing Security When Using a Fingerprint Scanner
- Research the strength of your fingerprint scanner. When shopping for a phone, research the fingerprint scanner strength. Choose one that cannot be easily compromised.
- Utilize additional security measures. In the security settings of your phone, activate modes that would either power down or completely lock your device after too many false-attempts.
- Restart your phone immediately before sleeping. Not only is a restart good for your mobile device’s memory and battery, but it also requires a passcode to unlock rather than a fingerprint. This would remove the ability of a mischievous son, daughter, niece, or nephew from using your fingerprint to unlock your phone while you’re sleeping. (We must stress that this last suggestion is based on an extremely unlikely scenario.)
- Remain vigilant. Develop a way of reminding yourself that you are unlocking your phone with a fingerprint. Consider putting a message on your lock screen that reminds you that you are unlocking your phone.