Why Your Next Phone Will Include Biometric Security

An anonymous reader sends this quote from Forbes: "... it is an almost certainty that within the next few years, three biometric options will become standard features in every new phone: a fingerprint scanner built into the screen, facial recognition powered by high-definition cameras, and voice recognition based off a large collection of your vocal samples. ... We store an enormous amount of our most intimate and personal information on cell phones. Businesses today are already struggling with policies regarding bringing devices from home, and it’s only going to get more difficult. A study by Symantec highlighted the depth of the problem – around the world, all different types of companies consider enterprise mobile device security to be one of their largest challenges. ... Ever since Apple purchased Authentec Inc in July of last year, there has been an endless stream of news stories obsessing over whether Apple will include a fingerprint scanner in their next release. In reality, Apple is one among many players, and whether they include a biometric sensor in the 5S or wait till the 6 is largely irrelevant, the entire mobile industry has been headed this way for years now. ... There are separate questions as to whether these technologies are ready for such a wide-scale deployment."

Fingerprints? On a touch screen?

[Zumbs]

How can anyone consider fingerprint identification on a touch screen as anything but toy security? You handle your phone pretty much each day, so it is highly unlikely that your fingerprints will not be all over it, in particular on the screen. With just a little bit of technique, every criminal will be able to get a usable finger print and unlock your phone. Mythbusters pretty much proved how easy these things are to bypass.

Biometrics is a dead-end

[gweihir]

What all the proponents conveniently gloss over is that biometrics has not solved one fundamental problem: How to change the "password" once it gets stolen. And it will get stolen. Storing hashes does not help at all, as an attacker can just get new samples with ease. They just need to hack the sensors. Other ways exist. And once the biometric print has been compromised, there is nothing that realistically can be done.

This fundamental limitation is the cause that not real security expert takes biometrics seriously in unsupervised scenarios. There are enough wannabe security experts around that will gladly take a lot of money for biometrics that will not work.

Re:Fingerprints? On a touch screen?

[Jane Q. Public]

"Mythbusters pretty much proved how easy these things are to bypass."

The problem is that in order to prevent false negatives, the recognition has to be loose enough to allow way too many false positives.

But -- and here's the big issue, IMHO -- the same is true for facial recognition, and voice recognition.

So you have 3 "biometric security" options, all of which are ridiculously easy to circumvent.

Security theater, anybody?

The really big problem here is that it's a false sense of security. People come to rely on means that aren't secure, they they feel they are secure. This just makes them sitting ducks for malicious people who know what they're doing.