2

If a fingerprint scanner were a human it would probably be like this:

  1. take a photo of the finger presented for authentication
  2. check it against the original photo to determine if it's the same.

This would lead to the problem that the process has a copy of the scanned finger and anyone stealing this then owns/pwns a 'password' of mine that I can never change. Obviously they may have other challenges in using that password, but they have it nonetheless, so if an opportunity arises they can use it.

I've stayed away from using my fingerprint scanner on my phone (FWIW Moto G5s) because I'm not sure whether it's a risk like the above.

Is the data that real phone fingerprint scanners generate and store for comparison something that can be stolen? Or is it something that's always going to be unique to that device - e.g. is it salted or such?

And if it is sensitive, do apps that use the scanner have access to it, or would that normally be left to the phone's OS (Android in this case) and an app just gets back an un/authenticated response?

Asking because I'm trying to answer:

  1. Does my phone have a stealable copy of my unchangeable fingerprint on it (e.g. attacker steals device, could get access to my fingerprint - or access to some data that would be enough to present as my fingerprint)

  2. Does my phone's OS have a stealable copy? I ask this because I'm wondering whether that means I'm trusting it to Google / Apple etc.

  3. Do my phones's apps have access to that? (obviously this vastly increases the vulnerability area if so)

I've looked online and I understand that scanners don't usually store a photographic scan, but some key things that can identify unique properties, but if those unique properties are ... unique ... then they could be stealable?

schroeder
  • 123,438
  • 55
  • 284
  • 319
artfulrobot
  • 473
  • 5
  • 14
  • 1
    The wiki on the topic broadly explains how the process works and it should answer your main questions: https://en.wikipedia.org/wiki/Biometrics – schroeder Nov 11 '19 at 13:33
  • @schroeder Thanks for link but I don't think it does. It doesn't explain about typical implementation (or implementations specific to apple/google) in phones - i.e. how [stored templates](https://en.wikipedia.org/wiki/Biometrics#/media/File:Biometric_system_diagram.png) are stored, whether raw sensor data is accessible etc. But I'd guess (was hoping for someone to reduce guesswork a bit) from reading that that (1) yes, phone has stealable 'stored template' (2) yes, the OS has this and that propbably (hopefully) (3) is a no. – artfulrobot Nov 11 '19 at 13:55
  • 3
    There is unlikely to be one answer because the way such things are implemented likely change from device to device. However, you should assume that your biometrics are stored in a way that can be "stolen" (because they probably are). However, having your fingerprint stolen off your phone is probably not the most likely way for it to be stolen. See: https://www.bbc.com/news/technology-34346802 – Conor Mancone Nov 11 '19 at 14:15
  • @ConorMancone sure, I appreciate that my fingerprints are everywhere (people have proved they can be stolen from a picture of someone doing the peace sign taken on an iPhone!). I suppose I don't want google/apple to be able to identify me by my fingerprint since this identifies me personally (rather than "me" in a particular account's given data). Does sound like I shouldn't trust my device not to give this to them. I'd just hoped that I could trust the scanner tech to encrypt the stored template, but it sounds like the OS is pretty involved in the process. – artfulrobot Nov 11 '19 at 14:35
  • 1
    The templates are also encrypted and there are other protections. And no, apps on the phone cannot access the templates, they call the function of the phone's OS. – schroeder Nov 11 '19 at 14:52
  • @artfulrobot to be clear, this is an area I am not an expert in. However, it's my understanding that the security lies with the OS, not with the device. At this point in time I'm not sure anything else makes sense. For the scanner to secure it, it would need it's own dedicated hardware (CPU, Memory, etc...). That's certainly not the case in a modern phone. – Conor Mancone Nov 11 '19 at 14:54
  • 1
    Also, since you are specifically interested in phones, there is documentation for iPhone and Android that explain the biometric security. Like: https://developer.apple.com/documentation/localauthentication – schroeder Nov 11 '19 at 14:54
  • @schroeder thanks for link. I guess [this](https://thehackernews.com/2015/08/hacking-android-fingerprint.html) is what I was scared of. – artfulrobot Nov 11 '19 at 16:11

0 Answers0