Fingerprint scanners are supposedly the next major step-up for mobile security, but stories about software flaws and trick-able sensor components don’t fill some consumers with confidence. Fortunately, CrucialTec has developed a new biometric verification system that not only reads fingerprints but also recognized heartbeats at the same time, in order to stamp out fakes.
Known as Anti-Fake BTP, this new design aims to prevent fake fingerprint use by checking that the finger placed on the scanner is actually circulating blood, at the same time as scanning the print. The company also plans to incorporate other checks to strengthen security, such as bio-electrical impedance analysis to check that a finger’s composition is actually human.
You may recall a number of rather interesting fingerprint scanner exploits discovered over the years, such as the “wood glue spoof” for the Samsung Galaxy S5. In this scenario, traces of a user’s fingerprint from a smudge on the case were used to create a fake fingerprint accurate enough to fool the reader. By requiring that a real scan must pass a pulse check in addition to a print match, CrucialTec’s new system would eradicate exploits that attempt to recreate prints synthetically.
Given that the fingerprint scanners are being integrated into new systems that are closely tied to sensitive personal details, such as bank accounts via mobile payment systems, more secure hardware options, like the Anti-Fake BTP, are a very welcome breakthrough. Even though the risk of having a device broken into is already quite small, can we really be too careful?
CrucialTec will be showing off its Anti-Fake BTP technology at the Mobile World Congress in Barcelona and the hardware will be commercially available later in the year.