Monday, April 8, 2019

The S10's fingerprint reader got fooled by a 3D printer but don't panic

You can "fool" anything as long as you're using it as intended while you try.

Someone tricked the Galaxy S10's in-screen ultrasonic fingerprint sensor with a 3D-printed fingerprint. Only, not really.

A lock wants a key. It doesn't care where that key comes from.

A person who is adept at the right software was able to take a photograph of his fingerprint on a wine glass and recreate it in three dimensions using a 3D printer, then use this nylon print and a real finger to unlock the Galaxy S10.

It sounds a lot less like fooling the fingerprint reader if you approach it from this direction because the ultrasound of a fingerprint is used as the key to getting in, and where that comes from doesn't matter. If you get a copy of your house key made at Home Depot and it works in the lock, have you fooled it?

I attempted to fool the new Samsung Galaxy S10's ultrasonic fingerprint scanner by using 3d printing. I succeeded.

This is a security risk. Someone with the right camera and the right lens could snag a photo of your fingerprint from your wine glass, print it off, then steal your phone and unlock it. If they wanted to, that is. Fingerprint readers have always been this way, whether on a phone or something more mundane like a passport. They aren't foolproof as long as you aren't really trying to fool them, and creating an exact duplicate of anything is possible.

If you want or need your phone (or anything, really) to be as secure as it can be, don't use biometrics of any kind to allow access.

Usernames vs. Passwords

A bigger concern is that biometrics really aren't suitable as passwords in the first place. Your fingerprint identifies who you are; you have 10 of them and none can ever be changed. A look at high-level security installations that use biometrics for access is in order.

Your fingerprints are your identity, not your password.

Looking into an optical eye-scanner or providing a full palm print to unlock a door isn't supplying a password, it's providing an identity. A General or high-ranking executive needs to tell that door who they are before it decides if they can enter. Someone could steal a key or hack a password, but they would still need to be on the list of people with access if they wanted to see what's on the other side of a door sealed by biometrics.

But things are a bit different when it comes to a phone. Well, your phone and my phone, anyway: there are people who need to have truly secure communication devices but most of us aren't one of those people. We just need a way to make sure our phone isn't wide open in case it gets lost or stolen, or if we have friends who like to snoop on our stuff.

You probably have something on your phone that you wouldn't want me to see or post on Facebook. The goal is to make your phone secure enough so that I can't. The old adage that a lock only serves to keep honest people out applies here — someone with the right amount of dedication, the right amount of time, and the right equipment can unlock any phone as long as the payoff is worth it. Chances are, the stuff on your phone doesn't make for a big payoff. A phone thief only wants to be able to unlock and erase a phone fast enough to resell it before a carrier blacklists the serial number, and fingerprint sensors make that very difficult.

Biometrics make security easy and that means more people will use it.

Fingerprint sensors are flawed, this is true. They can be "fooled" by an exact copy that provides what they expect to find when being used, but in general, they have been a boon to both smartphone users and carriers because they are easy to use and make it less profitable to steal a smartphone. When security is easy, more people will do it and everyone wins. If you need absolute security, you probably shouldn't be using a smartphone, or should at least use a hardened model with a strong alphanumeric passphrase as the only means to unlock its data.

For the rest of us, keep using your fingerprint sensor and other assorted tools that make it hard for someone to get inside.

Pick a screen protector that won't mess with the fingerprint sensor

InvisibleShield Ultra Clear

$30 at ZAGG

InvisibleShield's screen protector carries the "Designed for Samsung" certification, and while it's not the tempered glass screen protectors we normally look to InvisibleShield for, the Ultra Clear film protectors are shiny, clear, and case-friendly. They're also easier to install than most. The lifetime warranty here is just as tough as ever, offering replacements if your film ever clouds, tears, or warps.

Whitestone Dome Glass (2-Pack)

$70 at Amazon

Whitestone's Dome Glass screen protectors use a UV curing wet-install system to ensure a secure fit, and so far they claim to be the only tempered glass screen protectors that will work with the Galaxy S10's ultrasonic in-display fingerprint sensor. Whitestone is mighty proud of its products and its pricing reflects that, but it's still cheaper than replacing a broken screen.



from Android Central - Android Forums, News, Reviews, Help and Android Wallpapers http://bit.ly/2OVtvlP
via IFTTT
