Being able to bypass a phone’s fingerprint reader with a severed finger raises questions and concerns about the security of these solutions.
A Samsung Galaxy A20 user in Spain who lost their fingertip in a crane accident, according to a report, was still able to register and use the cut off number to authenticate their identity and access the device. . As identification solutions have continued to evolve, there have been regular reports of new and innovative ways to bypass or spoof them. Wondering how secure these security solutions are?
The Galaxy A20 uses a technology called capacitive touch, which works by detecting a weak electrical signal in the finger and peaks and valleys on the ridges of a person’s fingerprint. The technology first appeared in phones as an authentication method in 2004. However, it wasn’t until 2013 that the feature became mainstream, after its inclusion in Apple’s iPhone 5. . Samsung also has an ultrasonic sensor that detects a fingerprint using sound waves through the phone’s screen, but this is only included in its more recent high-end smartphones.
Kieran Higgins, a semi-retired auditor working in the insurance and credit card industries, unlocked a Samsung Galaxy A20 phone using the cut off fingertip, according to The register. The act was shown on a video call, but has been shown multiple times. According to the report, not only was the tip able to unlock the phone, it was also used to register the fingerprint to begin with. Samsung has yet to weigh in on the matter, but the A20, like most mobile phones, uses the capacitive touch mentioned earlier. All this raises the question of where does the electrical signal needed to activate the sensor come from?
How long can a cut finger unlock a phone?
It is not known exactly how long before electrical conductance ceases when a person has died, or in this case, when a finger is cut. Arguably the two weeks that Higgins was still using the finger are well outside the range many would expect. Ina 2018 Live Science article, comments by Anil Jain, co-author of “Fingerprint recognition manualExplained that it would be quite difficult for a detached finger to unlock a phone, and that it would become even more difficult over time. However, Jain also explained that testing for exactly how long a finger maintains conductance is somewhat impractical, due to the needs of the bodies and / or parts and the frequency of checks required.
Despite these uncertainties, this does not mean that the threat posed to digital security is not a concern. This field of study is called ‘Liveness detection, ‘ and it is the same sector that is concerned by the use of false measurements or theft to bypass biometric identification. In fact, there are solutions that can make a difference, although they tend to be used for high-end enterprise security solutions, not consumer devices, such as Samsung’s Galaxy A20.
Following: Is the Samsung Galaxy S21 or iPhone 12 better for privacy and security?
Source: The register, live science
HomePod and HomePod mini: How to connect your Deezer account and listen to music
About the Author