Fingerprint readers open up hacking vulnerabilities, expert says
Fingerprint readers could lead to more vulnerabilities for hackers to exploit, a cyber security expert has warned.
Speaking to CNBC, Professor Nasir Memon of New York University Tandon suggested that masterprints can now be used, which can be digitally altered to match the identity of specific users.
Even though every fingerprint is unique, many smartphones only use small and partial prints, making the sensors easy to trick. The devices also include several prints of different fingers and allow a number of attempts before they lock.
“If I have this glove or fake hand with these master prints on it then I can unlock say 25, 30, 40 per cent of phones.
“It’s as if I don’t have to get in through one window, but 30 windows. Any one of them is left open, I’m in. To a security person, that’s a problem,” Mr Memon explained.
Even though the technique carries risk, Mr Memon went on to say that he continues to use a fingerprint on his own smartphone.
“It’s so nice that I just pick up a phone, I just put my finger on the start button and boom it unlocks,” he explained, though he advised people to be cautious when using fingerprints for banking and significant financial transactions.
These comments come after a global cyber attack affected companies across the world earlier this month, including several NHS trusts in the UK.
Ransomware titled WannaCry caused the issue, which led to attacks on companies such as Telefonica, Deutsche Bahn and FedEx among others.
Cyber attackers threatened to delete files unless a ransom was paid. Effects of the hack continued a week later, with some accident and emergency departments still diverting patients.
Windows computers that were not updated with the latest security patches were especially vulnerable to the attack, particularly those with Windows XP, which had not received updates since 2014.
Share This Post, Choose Your Platform!
With over 25 years in the business telecoms industry and an unrivalled reputation of delivering excellent, personal customer service, Arrow is one of very few companies in the UK able to provide a full telecoms, IT and energy consultancy and service proposition.
Savings through automation, scale, improved service. We’ve got that covered. But the true value comes with empathy, through empowerment, collaboration. It’s connecting people that drives us forward. It’s people that make tomorrow happen.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.