Why fingerprints shouldn’t be used for security

by: Gary Sims, September 23, 2013

Apple is clearly very pleased with the iPhone 5S, and although its new biometric security system, TouchID, seems like a neat feature at first glance, using biometric data for security isn’t necessarily a good idea.

See Also: How Fingerprint scanners work

The problem with fingerprint scanners is threefold: they aren’t as secure as you might think, they raise some serious privacy questions and, worst of all, once your biometric information has been compromised you can’t change it.

In terms of security, the Chaos Computer Club (CCC) has already shown that Apple’s TouchID can be tricked using easy everyday means. Granted, we are only talking about a $600 smartphone, and there are easier crimes to commit than lifting someone’s fingerprints just to get into their phone. But the weaknesses in fingerprint scanning apply to every situation where scanners are used, including identity documents (like passports) and payment terminals at supermarkets. In 2007 the CCC demonstrated how to trick a fingerprint scanner at a supermarket so that a shopping bill was charged to someone else’s account. In 2008 the group included thin-film copies of the fingerprints of the then German Minister of the Interior, Wolfgang Schäuble, in its club magazine. The CCC’s web page on how to fake fingerprints was published in 2004, nearly a decade ago, and the techniques it describes remain valid today.

“You can easily be forced to unlock your phone against your will. Forcing you to give up your passcode is much harder under most jurisdictions than just casually swiping your phone over your handcuffed hands.” - the Chaos Computer Club

There are also serious privacy questions around the use of biometric data. A senior US senator has written to Apple asking the Cupertino tech giant how fingerprint data is encrypted on the iPhone 5S, whether any diagnostic data about fingerprints is ever sent back to Apple, and what the exact legal status of the biometric data is: does it belong to Apple? Could it be subpoenaed?

The reason Senator Al Franken is asking these questions is that once your biometric data has been stolen you can’t change it. “Let me put it this way: if hackers get hold of your thumbprint, they could use it to identify and impersonate you for the rest of your life,” wrote the Senator, who is also the chairman of the Senate Judiciary Subcommittee on Privacy, Technology and the Law.

Today, if someone hacks one of your online accounts you just change your password. If someone steals your bank card, you just cancel it and get another one and so on. But if someone managed to steal and use your biometric data you can’t change your fingerprints. You can’t alter your retinas or modify your DNA. The fact that these characteristics are fixed is why they are used in crime detection, but using them for information security is dubious.

Worse still, you leave a biometric trail wherever you go: everything you touch, every flake of skin or hair that falls, leaves biometric information about you. Again, that is why it is so useful for solving crimes, but you wouldn’t go around leaving fragments of your passwords everywhere, would you?

“It is plain stupid to use something that you can’t change and that you leave everywhere every day as a security token. The public should no longer be fooled by the biometrics industry with false security claims.” - Frank Rieger, spokesperson of the CCC

In context we are only talking about accessing someone’s phone, I understand that. And some may think that using TouchID as an easy way to stop people using your phone is great, and maybe it is. But what if in the future my banking information is verified via TouchID? What if I can pay at a shop or online store using data verified by TouchID? Then suddenly lifting a copy of my fingerprints from a glass of soda means a criminal can empty my bank account and go on a shopping spree. Maybe we should stick to other forms of authentication.
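The contrast between a credential you can rotate and a trait you cannot is the core of the argument above, so here is a worked example added to this post; it is not code from the article, from Apple or from the CCC. It models a fingerprint as a fixed 256-bit feature vector, a sensor reading as that vector with a few bits flipped by noise, and the matcher as a Hamming-distance threshold. The constants MATCH_THRESHOLD and SENSOR_NOISE_BITS, the seeds and the sample passphrases are assumptions chosen for illustration, not values from any real sensor; the password side uses the standard library’s PBKDF2.

```python
"""Why a compromised fingerprint cannot be rotated the way a compromised password can.

Added example for this post; not code from the article, Apple or the CCC.
Simplified model (assumption): a fingerprint is a fixed 256-bit feature vector,
a sensor reading is that vector with a few noise bits flipped, and the matcher
accepts a reading within a Hamming-distance threshold of the stored template.
"""
import hashlib
import hmac
import os
import random

TEMPLATE_BITS = 256
MATCH_THRESHOLD = 24      # assumed: readings within 24 flipped bits are accepted
SENSOR_NOISE_BITS = 8     # assumed: each live reading flips about 8 bits


def password_record(password, salt=None):
    """Salted, iterated hash. The secret itself is never stored."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest


def password_verify(record, candidate):
    salt, digest = record
    return hmac.compare_digest(digest, password_record(candidate, salt)[1])


def finger(seed):
    """The fixed physical trait, generated from a seed so the example is reproducible."""
    rng = random.Random(seed)
    return [rng.randint(0, 1) for _ in range(TEMPLATE_BITS)]


def sensor_read(trait, seed, noise_bits=SENSOR_NOISE_BITS):
    """A reading is the trait plus noise: no two readings of one finger are identical."""
    rng = random.Random(seed)
    reading = list(trait)
    for i in rng.sample(range(TEMPLATE_BITS), noise_bits):
        reading[i] ^= 1
    return reading


def hamming(a, b):
    return sum(x != y for x, y in zip(a, b))


def biometric_verify(template, reading):
    """Threshold match. Because readings are noisy the stored template must stay
    in a comparable form; it cannot be salted-and-hashed like a password."""
    return hamming(template, reading) <= MATCH_THRESHOLD


def digest_of(bits):
    return hashlib.sha256(bytes(bits)).digest()


def demo():
    results = {}

    # 1. Password compromised, then rotated: the leaked secret stops working.
    leaked = "correct horse battery staple"          # constructed sample
    record = password_record(leaked)
    results["leaked_password_works_before_rotation"] = password_verify(record, leaked)
    record = password_record("new passphrase after the breach")
    results["leaked_password_works_after_rotation"] = password_verify(record, leaked)

    # 2. Fingerprint enrolled; attacker obtains a copy (a lifted print or a
    #    leaked template); victim "rotates" by re-enrolling the same finger.
    thumb = finger(seed=42)
    template = sensor_read(thumb, seed=1)
    attacker_copy = sensor_read(thumb, seed=2)        # mould of the real thumb
    results["live_finger_matches"] = biometric_verify(template, sensor_read(thumb, seed=3))
    results["attacker_copy_matches"] = biometric_verify(template, attacker_copy)
    template = sensor_read(thumb, seed=4)             # re-enrol the same thumb
    results["attacker_copy_matches_after_reenrolment"] = biometric_verify(template, attacker_copy)

    # 3. Why the template cannot simply be hashed like a password: two readings
    #    of the same finger differ, so a hashed store would never match a live finger.
    results["hashed_readings_match"] = digest_of(template) == digest_of(sensor_read(thumb, seed=3))

    # 4. The only real rotation is a different finger, and you have ten of them.
    index_finger = finger(seed=43)
    results["attacker_copy_matches_other_finger"] = biometric_verify(
        sensor_read(index_finger, seed=5), attacker_copy)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:45s} {value}")
```

Run the file and read the dictionary demo() returns: the leaked password is rejected as soon as it is rotated, while the attacker’s copy of the thumb keeps verifying even after the thumb is re-enrolled, because re-enrolment only takes a fresh noisy reading of the same unchanging trait. Step 3 is the reason the template is stored in matchable form at all: password hashing works because the secret is typed identically every time, and a sensor reading never is.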


  • Bone

    Using a fingerprint scanner on a device that’s a fingerprint magnet is a set up for disaster.

    As a matter of fact, the easiest way for a thief to find a usable print for unlock may come from the fingerprint scanner area itself, think about it. Some powder or even some sprayed material on the remaining print on the scanner and a thin glove pushing it might even unlock the thing without spending a full minute hacking it.

    • mobilemann

      same can be said for slide to unlock, or pattern entry. If you want to get to it, limited number of attempts on a password is the only semi secure way.

      • pattern unlock you just wipe even a portion of the screen and the pattern mark is gone. For fingerprints you would almost have to wipe down the entire device…

        But yes, without limited entries + auto wipe, no method is secure.

  • RarestName

    Can everyone just shut up about Touch ID already? If you really didn’t care about it, why do you people keep on talking about it?

    I go to an iOS blog and it talks about Touch ID.

    I go to a tech blog and it whines about Touch ID.

    I go to reddit and people are talking about Touch ID.

    I go on to Facebook and Twitter and people are talking about Touch ID.

    I come to an Android blog and the blog’s talking about the stupid fingerprint scanner that “impressed no one.”

    No one talked about it like this when the Atrix had it.

    Stop adding to the hype.

    • The article is a device/manufacturer independent look at the security issues around using biometrics.

      • mrjayviper

the timing of the article seems suspicious if it’s device independent. And having read the article, I don’t think you were talking about any device other than the new iPhone. iPhones use a specific fingerprint technology based on AuthenTec, a company Apple bought. I doubt this technology will be licensed to someone else.

There is nothing suspicious about the timing; the release of the iPhone 5S has pushed this technology into the hands of millions of people. The article talks about the iPhone 5S, of course it does. But the warnings are the same for any biometric system: Apple, Android, whatever.

    • Nandi

      No One Talked About It When The Atrix Had It… Because No One Really Used The Atrix… How Many People U’ve Met Had An Atrix And Wat Was The Fingerprint Scanner In Atrix Capable Of Doing ???

      But When It Becomes The Central Authentication Technique On An iPhone, It Becomes A Cause Of Concern… Because Millions Are Gonna Be Buying An iPhone And Using The Touch ID To Authenticate In-App Purchases… Touch ID Not Only Unlocks The Phone, But Can Also Be Used To Authorise Purchases On iTunes, And Within Apps…

      Wat Makes It A Bigger Issue Is That, Since Its On The Apple Platform, Its Gonna Make Its Way Into The Major Android Devices Soon Enough… Articles Like These Spread Some Awareness On The Potential Pitfalls & Dangers Of This Half Baked Technology…

      Next Time U See The Headline Talkin About TouchID, Just Skip It :P

      • Skye Lowry

        Why Does Every Word Have A Capital Letter In The Beginning?

    • Fareed Naga

      cause it’s the number one smartphone bought in USA?

    • Jason Yuen

      The reason people are talking about it is because it’s not about the phone or Apple. It’s about the direction the industry is headed in and to raise awareness to the public that this may not be the way we want to go. People will falsely believe that fingerprints are the holy grail to security when it is not. It is similar to the polymer bills that are coming out in many countries to replace paper bills. People are over confident about the bills and thus become careless when handling their money. In reality, there are confirmed polymer counterfeits in circulation. The hype is well founded, but not in the context that you are thinking.

      • Apple_Nexus

        You make a good point, however, you can still set a pass code and apparently 50% never use a code to unlock their phones so a fingerprint will offer more security than no pass code at all.

      • Moto_x

        I thought the industry is heading to face unlock according to Android users when this came out in Android phones. I feel your comment implies that Apple is really the trailblazer in opening new markets, this time with touchID.

        • Jason Yuen

          Face unlock was clearly more of gimmick because there is the obvious question of identical twins being able to unlock the same phone, bad lighting, etc.. Face unlock was nothing more than a toy which never took off. It was never sold as a security feature. It was sold as a toy. Apple on the other hand not only sells it as a security feature, but boasts how secure it is and even goes as far as making purchases with your finger print. Android never got anywhere near that point. I wasn’t saying Apple was trailblazing in my post, but on the other hand I do feel they aren’t innovating like they used to. 64 bit processing is also a natural evolution of technology. In fact, the real benefit of 64 bit is being able to address memory locations greater than 4gb which actually looks like Samsung is going to need first.

    • Infotech

You are 100% right… these Android blogs are more worried about Apple than Android itself, wasting too much time trying to put Apple down. Buying an iOS device is optional. Don’t feel comfortable using your fingerprint to unlock your phone? Using the password instead is still an option. And if you don’t want Touch ID… buy an iPhone 5, HTC One, or a Galaxy S4. They are all good phones.

Hmmm… I think you need to relax a little. If you had bothered to read other posts I have written you would see that I give Apple credit where it is due; for example, I have written here several times about Apple’s early entry into the 64-bit market and given them the kudos they deserve.

        I am not in any way trying to put Apple down. In this context the iPhone 5S has pushed fingerprint scanning technology into the hands of millions of people. But the warnings are the same for any biometric system: Apple, Android, whatever.

  • Toe

What’s the difference between Touch ID and facial recognition? I opened my Note 8 with a picture of myself. However, with Touch ID you have to go through a lot of work to retrieve someone’s fingerprints.

Unlocking a device is only a very small part of biometrics and only a very small part of TouchID. Apple has also shown that it intends TouchID to be used for more than just unlocking a device.

      • Jason Yuen

        Unlocking a device is enough of a breach to make this technology useless. You might think your contact information is secure and everything but all it takes is one of your friends to lose their unlocked phone with your contact information for it to be at risk. The problem is that people value convenience over security. That won’t change.

  • Yes

    Retinal scan!

    • Jason Yuen

      did you read the article?

  • Yama

    My shit is brown, but sometimes green…..

    Ps, i like potato.

  • jeddo45

Who cares really? I don’t think people are that desperate for a pair phone anyways.

  • natjsb

    Gary Sims… You sure love TouchID. One article after another. When you’re done with the negative side of things, try flipping the coin for the next article you will write about TouchID. :P

  • cycad007

    Let’s be fair. I wouldn’t exactly call CCC’s hack of Touch ID to be using “easy everyday means”. It’d take a good amount of time & effort to pull it off. Most thieves would not be able to pull it off.

  • Not an idiot

Another typical example of an article written by someone with little to no understanding of biometrics. Firstly, no biometric authentication system would store an image of someone’s print. Points are mapped, turned into a binary string, then passed through a logarithm. Even if you managed to get your hands on the resulting stored string, and the logarithm used to encrypt it, you would still not be able to reconstruct a print from it. As to tricking the sensor, this is a $600 device, so the sensor will be cheap; photocopy someone’s fingerprint and you could probably fool it. But, and it’s a big but, any half-decent biometric scanner (the type likely to be used in banking or anything similar) would not be photoelectric, it would work on induction, meaning only a living piece of tissue will return a reading. Sorry Hollywood, no fancy silicon fingertips or cutting off someone’s thumb to pretend you’re them.

    In summary this is a low-security method of locking a phone. Would I use it? No. Does it present a risk to society? Not in the slightest.

Dear “Not an idiot”, can you please tell me where the article says that the image of someone’s print is stored? Also, you seem sure about the system used to encrypt the stored biometric data, but the chairman of the Senate Judiciary Subcommittee on Privacy, Technology and the Law doesn’t seem to have that information; could you please share it with me and him so that we can all be enlightened.

      Also, and I hate to go on here, but the CCC has proved that you can fool this sensor with a silicon replica of a fingerprint; furthermore, according to the CCC, this process has been used with minor refinements and variations against the vast majority of fingerprint sensors on the market.

      One other thing, the point of the article is to expose the general failures in using fingerprint technology, including privacy concerns and the fact that if your biometric data is compromised you can’t change it.

      Regardless of which other sensors are available, the one in the iPhone 5S could be used by millions of people to authenticate their ID for a variety of online services provided by Apple. Since the iPhone 5S will sell in the millions, that does pose a risk. If their data is compromised somehow (no system is 100% secure against attack) their thumbprints become void for every service that uses biometric data. The same argument could also be used against any Android device employing fingerprint tech.

      So please, before you get all high and mighty declaring that the article is “written by someone with little to no understanding of biometrics” please check your facts.

      Thanks for your attention. Gary.

  • hoggleboggle

From a convenience point of view, to deter the typical thief, the TouchID concept is perfectly acceptable and not really any more insecure than a PIN or pattern. It is a quick way to unlock the phone, especially when driving. A dedicated thief will be able to get around it by just lifting one of the many fingerprints off the phone itself, but they will be able to get around most security measures. What’s more, unlike Google’s face recognition it actually works :)
    What is a big mistake is to tie the fingerprint into anything more than just unlocking the device. Being able to make purchases with it is a massive no-no.

    • NeedName

      You directly contradict yourself by saying the TouchID “works” unlike Google’s face recognition but fully admit, “A dedicated thief will be able to get around it by just lifting one of the many fingerprints off the phone itself. . .”

      Sounds to me like it doesn’t really work to “secure your phone” at all.

      • hoggleboggle

How is that a contradiction? Compared to how well Touch ID works, face recognition is just a gimmick. “Working”, i.e. the process of using the item and getting it to do what it is supposed to, does not imply it is useful or effective. A £1 padlock and chain will work just as well as a £100 one, but isn’t anywhere near as effective in stopping a thief. Touch ID will stop the average druggie from accessing your phone for long enough for you to disable it remotely, and it will stop your mates in the pub from mucking around with your phone and posting dirty remarks on Facebook. That is all it really needs to do for 99.999% of users out there. If you want anything more you will have to use a long passphrase or PIN.

        • martin

Hey! What if you want to unlock the phone with a different finger? Do I have to register the new fingerprint again? You know, face unlock has actually worked since day 1 of Android 4.0. It recognizes your face and unlocks quicker than the iPhone recognizing your print. The problem is that you have to stick it in front of your face. I think that the fingerprint unlock is good, but it is nothing revolutionary. If you think Apple with its fingerprint unlock gimmick is succeeding, you are gonna have a bad time, because seriously, if I went back to iPhone right now after adapting to Android, I would smash it to the ground with all the things I can’t do with it.

          • hoggleboggle

            you seem to think I like the iPhone. I personally would never buy one as I think they are far too limited and restricted, but I can still appreciate aspects of it if they are well implemented.

    • Fox Ray

Actually, anyone should just grab their phone right now and try to find a perfect usable fingerprint; it will be hard to find one because no one actually presses their finger completely onto the screen. Furthermore, we scroll, swipe and so on, making them completely useless. Finding a full fingerprint is actually harder than most people think, because what we leave around are partial fingerprints. It’s easy for this hacker group to do this if you take into account that the fingerprint was given; it becomes another story when you have to look for it and find the right one.

      • Nick DiLello

        I respectfully disagree, you are speaking of the screen, but there are several other places the fingers make full contact…think of the back where you grab and hold it, that is generally a full set ;)
        Remember, there is also the other aspect as we have all learned…the government is snooping on all of us, you would have to be naive to not believe this….

        • Fox Ray

You leave a couple of thousand fingerprints behind on a daily basis, and of these not even 1% is useful. Why? Because your fingers move over the surfaces that you touch and are rarely perfect. Moving your finger even 1mm makes your print useless. Now, unless you polished the back of your phone, grabbed it perfectly and then just laid it down for someone to steal, yes, then it would be possible, although not a full set, because your thumb should not be present on the back and, depending on the size of the model, even your pinkie should be absent.

          Here is a reality check: if a government agency is after you, a PIN code or a fingerprint ain’t gonna matter, you’re screwed.

      • lil bit

Found a lot of nearly perfect ones on the back of the phone, but then again my phone is an Xperia Z.

      • ᅠᅠᅠ

        The CCC lifted usable prints from the German Minister of the Interior, though. If it were as hard to get usable prints as you claim, I don’t think they would’ve been able to do that for a major political figure who surely is protected by a strong security detail and can’t just be approached easily. I very much doubt they had access to any of his personal items like his phone, and it doesn’t look like they needed it. From what I vaguely remember about the payment demonstration, they lifted the prints they needed from a drinking glass the victim left behind at a restaurant. Add the fact that only a very small number of partial prints can be rather easily reconstructed into a pretty complete one.

  • Balraj

    Is this article targeted at Apple or fingerprint scanner lol
    Cause even htc one max comes with fingerprint scanner

  • Vinnie

Personally, I think the fingerprint scanner is a great idea as long as the person using the phone is aware that it really isn’t terribly secure. There seems to be a lot of concern here that the next thing that’s going to happen is that a person’s bank account is going to get hacked or their identity stolen. You’re watching too much television if you think that single-layer security cracking is going to get someone very far. And as someone else already pointed out, the iPhone scanner is just a cheap tool which is nothing like a professional scanner, and anyway you’re still putting PIN/password protection on the apps that have your sensitive data, right? Lighten up folks, the end of the world as we know it isn’t threatened by this in the least. Enjoy it for what it is.

  • Jason Yuen

    There is nothing wrong with using fingerprints as a security measure. The flaw here is that Apple chose to take the route of completely replacing a pass code in favor of finger prints. Yes you can still use passcode but I say completely because that’s all you need to gain complete access. What should have been done is to use fingerprints as a second layer of authentication on top of a passcode. Instead of using it for security, why not use it like 10 little NFC tags on your finger tips? Non security risking tasks could be assigned to each finger. That would set it apart from Android’s tasker apps.
    Finally, Apple could do a lot by making passcode authentication a necessity. I have worked at a trade-in company similar to Gazelle and most iPhones that come in have no lock code on them whatsoever. Some even leave their activated sim card and facebook logins on the phone. All this fuss over fingerprint security is not much of an issue in the real world. It is however a huge issue as a topic of discussion and where it’s leading the industry.

  • Robbie Bone

Yes, this Touch ID will not be 100% secure. Though I think it is far more secure than any other available authentication system out there. A PIN or password, as many of you will know, may be intrinsically more secure, however how many times have you had a friend or family member peek over your shoulder whilst tapping it in? For this reason, a PIN is an awful security measure. Passwords are slightly better because it’s harder to see and remember them. Fingerprint scanners obviously get around this because you obviously can’t look at their fingerprint. Also, the face recognition system in Android phones is probably the worst of all systems. I’ve managed to unlock Android phones by holding up a picture of myself, and obviously you can’t use this system if you’re in the dark. So I honestly don’t understand how Android Authority can have a go at Apple when Android phones have the worst authentication system to date, and despite not being perfect, Touch ID is the most secure to date. Yes, you can force someone to touch the scanner or lift their print. But I believe this risk is less than someone peeking over your shoulder, or holding a picture of yourself up to the phone. It’s all about weighing the risks and benefits up. Touch ID is the clear winner.

    • john

Face recognition is fast on the SGS4 and you can blink for more security. Maybe you need to add reasons to buy the iPhone 5s. This article is clearly the winner against the “innovation” of Apple. Apple years ago intended to patent face recognition (but it already existed in Android), so you can draw your own conclusions.

    • hgv

      I don’t think the article is talking about the effectiveness of fingerprint security. I think it’s talking about the dangers of storing that kind of data on something stupid like a phone. If someone looks over your shoulder and sees your pin number, so what? You can change it. But if someone was able to steal and access your phone to get your finger print… That’s gonna give them a lot of access to some serious stuff and you can’t do anything about it. I’ve only seen this in a movie once but someone put a thin rubber layer over their fingers with someone else’s finger print on them. Think about committing crimes and leaving that finger print all over the place. And what can you do about that? Can’t just change it.

  • ack

    The problem is linking biometrics to purchases/bank systems. The implications are frightening. But clueless “journalists” will continue to support whatever Apple does wholeheartedly.

  • William Worlde

    Wow! Thank you for this. I never considered the aspect of one’s ***stored*** biometrics being stolen. I’ve always thought biometrics as security is great because no one else has yours – fingerprint or retina.

    I suppose a good way of ensuring your biometrics always(?) stay safe is by using the highest grade current algorithm to verify the biometric and ***delete*** this info once verified. Obviously, the next time you log in, a different algorithm is used. Makes sense?

    Is Apple providing a false sense of security? The Senator raises some important Qs, not that it affects me, as I’m an Android user. But, since I don’t trust Google *at all*, you know if/when they implement this full-scale on their Android devices, they *will* be mining your data even more. They will become the true Big Brother, if only sinister. And, the *only* way you’d get them to change their policy is via the courts.

    Hmmm….. Interesting.

  • john

Android smartphones have had all those security modes, but now Apple makes your own fingerprint the great innovation. It shows the ignorance of Apple’s fans, because they don’t see anything if it is not sold by Apple. (Apple is not a manufacturer.) Apple is a software maker and iOS 7 is their worst product.

  • Androidslikebiscuits

    I feel really sorry for people with adermatoglyphia (no fingerprints) what are they going to do!? :(

    • mrjayviper

      get another phone? it’s not the end of the world

  • Angino

    A desperate thief may not just get your phone but your hand as well. LOL.

    • mrjayviper

or he could just beat you to a pulp until you give him the PIN/pattern to unlock an Android phone. I know which one is worse.

  • Guest

    Oh, that one of the reasons why we call Iphone >> Ish*it

  • Thorwald Persson

The article describes a scenario that may well happen. The essential point here is that biometric data cannot be changed. Moreover, it is much easier to collect biometric data than passwords.

    I do not want systems that can risk everything. I do not think you’ve thought about it at all. For prosecuting crimes, biometric data is a good method, but to lock a phone or a door or confirm payments, it’s a lousy and downright dangerous method. We have already seen in the movies how fingers are cut off and eyes taken out to gain access. What is there to say that the criminals would be nicer in reality?

    • NeedName

      Just seen a video today of a guy, with an accomplice, choke out a guy and stab him multiple times just for his phone.

      No doubt we’ll be seeing fingers taken with the iPhone 5S robberies soon to come.

      I’ll pass and keep my fingers, thanks.

      • Valtheus

        Actually the sensor in 5S doesn’t work with dead skin so you shouldn’t worry about your fingers. ;-)

      • Gary

        You are more worried about your finger than being choked and stabbed?

    • Hali

      What I don’t get about the article and your statement here is the part that has to do with crime. You are saying that once i lose my biometric data, it is gone forever. So if I lose my fingerprints, someone could easily plant them at a crime scene. They could collect strands of my hair and plant that too. By this logic the LAST thing we should use biometric data for is prosecuting crimes? It would be much worse to be wrongfully sentenced to prison than having someone purchase apps on my mobile phone (and probably about as likely). Maybe that’s just me, though.

  • Pranav

    Nice article.. Concrete logic.

  • Valtheus

The Touch ID in the iPhone 5S is nothing more than a marketing thing. If they expand its use beyond unlocking your phone or buying stuff from the App Store, Apple will get in trouble eventually. The article is right about biometric data and its use in everyday transactions.

  • Sunny

    Password code will do,no need for fingerprint scanner,once stolen,you are in deep trouble for life!

    • Gary

      I can’t think of a reason why I will get in trouble if my fingerprints are stolen.

  • Mollari 2261

    OK, Mr. CCC, so if biometrics isn’t the answer, then what is? Because the username-password paradigm is painfully broken.

  • lil bit

    I will admit i was wrong about this, i really thought it would be more secure, turns out the “scanning sub-epidermal layers” was a blatant lie, shame on Apple for that. Still, lots of arguments against fingerprint scans are well into paranoid territory and i think these arguments will carry less weight around here when the HTC One Max is out.

  • It is also important that we know how the front-facing camera in our smartphones works. It may be stealing your retina biometric info while you are staring at it.

  • Stan

    Before a robber would take your wallet and your iPhone. Now he has to take your wallet, your iPhone and your finger. Thanks, Apple !

  • simpleas

    People always say, “it only matters with sensitive data.” exactly. it only matters with sensitive data.

  • Stan

    Apparently nipples also work: http://www.rawstory.com/rs/2013/09/24/users-claim-iphone-5s-can-be-unlocked-using-nipples-other-body-parts/
    I’m not impressed though, my gf has been using her nipples to unlock my wallet since forever.

  • borgy

I don’t understand why you’re making so much noise about it?? Maybe jealousy because Android doesn’t have one??

  • Ted

As a Samsung Note owner, I find your article so ridiculously apologetic as to make you look very foolish. Of course fingerprints have drawbacks, but most people like me would welcome some level of security over the vast majority experience of no security. Putting in a passcode every time a person turns on their cell phone is just too much of a hassle, so most of us have no security. If you suspect someone has your usual fingerprint ready to use at any time to get into your phone (highly unlikely, wouldn’t you say) then just change the fingerprint to your little finger and delete your thumb or index fingerprint.
    I would welcome the additional privacy on my phone.

  • Roj Beraña

    when this will end….

  • po_ping

i hope sammy and sony do not make such phones… pls…

  • po_ping

    how are we sure apple is not storing the fingerprint copy elsewhere?

  • ManDude0311

Fandroids are pathetic. Don’t even know a disruption until you are left to copy what Apple has accomplished. Only this time, you can’t cuz it is truly mega patented. And as for your TouchID hack – yeah, if you can get yourself a super 2400 dpi pic of my fingerprint and get a super printer to print 1200 dpi onto latex within 5 mins, you can hack my iPhone 5s anytime.