While the world is still recovering with the backlashes of WannaCry ransomware computer virus, there is another new problem to be concerned about. The fingerprint identification process, which is a new user identification criterion employed in many modern day computers, can now easily be compromised with a spoofing process.
Earlier this month Synaptics, a fingerprint identification sensors and touchpad maker, issued a warning that for the sake of saving around 25 cents per system, many companies are switching to smartphone fingerprint sensors instead of more secure laptop sensors.
While speaking with VentureBeat, Godfrey Cheng, vice president of product for the Santa Clara, Calif.-based company, said:
Fingerprint identification has taken off because it is secure and convenient when it’s done right. When it’s not secure all of the way through, then that’s an exposure that an attacker can exploit.
Smartphone finger-print sensors use no encryption method to send those fingerprints to the CPU, which makes the vulnerable to snooping software and hacks. However, Synaptics sensors utilize an encryption and a secondary host processor for the recognition process.
Cheng said that the encryption method makes it difficult for the hackers to operate the the computer remotely. Users have a general idea that because of being unique, the finger-prints are safer than passwords. They are correct as well, however, the manufacturers choice of using cheap sensors is making this notion a false one. Cheng said:
There are two types of fingerprint sensors in the notebook market today. Those that are encrypted and safe, and those that are unencrypted and unsafe.
Hackers may easily inject a snooping software into your system which would sniff out the image of your finger-print from your laptop. The hackers may snoop into your system using that data and create causalities.
Cheng said:
Some computer makers will compromise their brand and customers for 25 cents. That’s wrong. They claim they have encryption, but not on [the] link of the sensor to the host
He also quoted:
Encryption is only as strong as its weakest link.
Laptops are more prone to hacks because users don’t always carry them from place to place, whereas smartphones are always stuck with the users in most of the cases. This the prime reason as to why certain cheap sensors would do with a smartphone but would be utterly useless with a laptop.
Two-way identification process is extremely recommended for security sake. Users must cast both finger-print as well as face recognition security scheme to stay aloof from security threats.
Cheng said:
Fingerprint identification will have breakages, as no security is perfect. We will continue to step up. Security is weighed against convenience. Somewhere in the middle is a happy medium.