Ever since they first appeared in the realm of science fiction, fingerprint sensors have had an aura of invincibility. Fingerprints are unique, so there’s no way to replicate it and hack into the device. So it’s no surprise that phone manufacturers have gone the extra mile when marketing these sensors.
For example, the Samsung describes the fingerprint sensor in its Galaxy S10 as, “Ultrasonic in-display fingerprint ID protects and unlocks with the first touch.” Such statements are echoed by every manufacturer that builds a phone with a fingerprint sensor. Yet, these statements are now becoming a dangerous myth.
If we return to the example of the Galaxy S10, it was recently reported that it’s fingerprint sensor had been cracked. All an Imgur user by the name of user darkshark had to do was take a picture of his fingerprint. Then he just had to use a 3D printer to create a duplicate. Just like that, the phone’s ultrasonic fingerprint sensor was fooled.
Yet, you might be thinking, “Okay sure. But it’s not like anyone can take a picture of my fingerprint and do this.” This is where you’d be surprised at how easily it is to get a picture of your fingerprint. Back in 2014, Jan Krissler – a German computer scientist demonstrated how he was able to duplicate the fingerprints of Germany’s defense minister through a series of photographs.
The same would also apply to other biometric security measures. Earlier this year, a Dutch non-profit tested facial recognition systems on 110 smartphones. It was found that, “Several brands, including Asus, Huawei, Lenovo/Motorola, Nokia, Samsung, Sony, and Xiaomi, had at least two representatives each among the devices that failed the test.”
Thus, we’re faced with a stark reminder. When companies like Facebook mess up and leave passwords stored insecurely, you can always get a new password. But when your fingerprint gets stolen you can’t exactly get a new finger.