Tech You think a Fingerprint Scanner makes your smartphone safe? Think Again! By Nipun Arora 2 127 Share on Facebook Share on Twitter Share on Google+ Share on Pinterest Smartphones and internet have become an integral part of our day to day lives and with their evolution, it is almost impossible to spend even a day without them. The reason is simple, from accessing social media to making payments from our bank accounts, smartphones handle almost our entire life for us. They contain all our personal and financial information in their little processors and even the mere thought of losing this information to a malicious party is devastating. So, when Apple introduced fingerprint scanners with iPhone 5S, we all breathed a sigh of relief and now almost every flagship smartphone brand offers the same. Where once you were required to type in a lengthy password for everything, now you can even make your PayPal and Paytm payments with just a touch of your thumb. Sadly, cracking a biometric lock on your phone turned out to be a cakewalk. Hackers have very brilliantly cracked Apple’s Touch ID fingerprint scanners, uncovered PINs and have now also efficiently got past the iris scanning security. The thing with fingerprint scanners is that your finger prints can be easily lifted from anywhere (even from a disposable Starbucks takeaway). So, what can be done if fingerprints aren’t enough? The next step in smartphone security is Iris Scanning. It is already being used in Microsoft’s new Windows Phones like Lumia 950 and 950XL, but even that is not a fool proof guarantee of security for your smartphone. The Proof of insecurity A hacker named Starbug has easily accessed the German Defence Minister’s iris print using a 200 mm lens DSLR camera. The hacker claims that he can copy the image of any Iris print on a contact lens using a laser printer and can make even the securest devices, his playfield. Moreover, recent developments in iPhone security area have also worked wonders for scaring the smartphone users. After weeks of insisting that only Apple can allow it to crack the encrypted data on Syed RizwaanFarook’s (accused in the December shootings of San Bernardino, California) phone, it turned out that FBI didn’t need Apple’s help after all. Yes! The FBI has found a way to access the encrypted data on Farook’s phone with the help of unidentified third parties. Although, it is a great development for the case, this event raises new concerns regarding an average citizen’s smartphone privacy. Layers of Security on smartphones There are basically three layers of smartphone security. Number one being something that you know (like a PIN), the second is something that you have (like a watch or a fob) and the last one is you (fingerprints). Now, it doesn’t take a genius to figure out that the best layer of security for your smartphones is the third one. Biometrics or iris scanners are great guards of your privacy as they are not something that you’ll have to constantly remember or something that anyone can guess. However, using only a fingerprint lock on your phone can make it quite vulnerable to data thefts. By using 2-3 layers of security on your smartphone, you are comparatively safer and these layers don’t necessarily comprise of a PIN and a fingerprint, but can be multiple layers of biometrics. So, are we ever going to be entirely safe from data theft? As of right now, when we realise that the systems we’ve come to rely upon when it comes to the safety of our essential data can be easily spoofed, it is alright to get a little scared. But, the better news is that where all of these systems can be easily fooled in isolation, it becomes a lot more difficult to crack them when they are combined to create a multi-layered authentication process. Having a combination of fingerprint and iris scanners for your sensitive data, can resolve most of your security concerns and can ensure that you are not carrying open windows to your life and financial details in your pocket. For example, imagine a smartphone that requires your thumbprint to unlock and at the same time is also performing a facial recognition scan. Now it might be simple for determined hackers to fool one system, but spoofing both of them simultaneously is bound to be a little tricky. By combining layers, the weakness of one layer can be compensated by the strengths of other. And as mentioned earlier, adding a third layer of security in the form of something you own can solidify your chances of not getting hacked considerably. Google already allows users to unlock their smartphones by connecting them to a trusted Bluetooth device. Combining these three layers of security is enough to let you sleep soundly. The only problem is that it is all still theoretical, and users are still waiting for the smartphones that offer multi-layer security in budget prices. The Future! Engineers around the globe are working on developing advanced hardware for enabling sophisticated biometric recognition by combining it with behavioural algorithms that will easily detect anomalies in user behaviour even if someone else manages to unlock your device. The renowned hacker, Starbug, himself points out that using certain biometrics, like a pulse inside the eye while iris scanning, which are not anymore a thing of distant future can be used to make devices extremely secure as in such a case, simple lifting of iris print won’t fool the systems. NEC is also working on a new method of scanning the inside of a person’s eardrum to unlock devices, and it believes that such a system will be live by 2018. Till then, let us stay extra cautious and use at least a combination of PIN and biometric to keep our sensitive data safe from the prying eyes of hackers and other malicious parties.