No system is foolproof, but fingerprint hacking is an unlikely target for identity thieves
Fingerprints have become our new passwords, unlocking smartphones and other devices that have become payment gateways.
In some countries, major credit card companies have even issued physical cards that use your fingerprint as a security measure instead of a PIN.
But, how hard is it to hack your fingerprint?
Not very, according to a German biometric expert and member of the Berlin Chaos Computer Club, which specializes in detecting security vulnerabilities. Starbug, as he refers to himself, put a video online that shows him lifting a fingerprint from a smartphone and then creating a copy that he uses to log in.
But in a phone call we made to Starbug — enabled with a thumbprint of course — he said there’s no need for panic.
“It definitely won’t happen to normal people,” says the biometric security expert. “You lose your phone on the street and no one will try to get the data because the people won’t know you and they don’t have information on you.”
Though his video shows how fast someone can make a copy fingerprint with inexpensive materials and access to a high-quality printer, Starbug believes they would only go to the trouble if they knew the value of the information on your phone. In other words, a suspicious spouse would be more likely to try this than a stranger who finds your phone on the street.
What about hackers accessing a database containing your fingerprint? Also not very likely, according to Dr. Brian Martin, director of biometric research at MorphoTrust USA, a company that specializes in biometric authentication technology.
“All of the biometrics that we spoke about, they actually start from an image,” says Martin. “The biometric features are then extracted and stored as ones and zeros. These ones and zeros are sometimes encrypted and sometimes just mixed up and they are generally impossible to reverse engineer.”
Nevertheless, other biometric authentication methods are on the way. For mobile payments, users may soon be able to identify themselves not only by touch but also through iris or facial recognition, a move Martin hopes will lead toward using multiple forms of biometric authentication to ensure no one, including masters of the trade like Starbug, can get to your personal information.