Google investigates: optical fingerprint readers may not be secure
The race to produce the smartphone with the highest screen/surface ratio has led to an incredible leap forward for many of the technologies included in smartphones, including the various biometric unlocking systems. The new fingerprint readers integrated into the displays are certainly attractive but are they just as secure? Google seems to want to find out.
Fingerprint readers integrated into the displays are certainly one of the fashions of the moment. Producers far from our markets have been experimenting with technology for several generations now while in Europe we are just beginning to discover this innovation thanks to manufacturers such as OnePlus, Vivo and OPPO.
These fingerprint readers are better than the first models on the market but they all have one thing in common: they are based on optical technology. It seems that Google has some doubts about the security of this method of biometric unlocking and seems to be investigating the issue to decide whether to enable the use of these sensors in applications that require more security (home banking, payments from smartphones, etc. ...). David Ruddock, who posted the story that reached his ears during CES 2019, says so.
Another CES Story: I've heard Google is currently investigating whether current optical fingerprint sensor designs are secure enough to be used for TrustZone auth (mobile payments, banking apps, etc).
— David Ruddock (@RDRv3) 14 gennaio 2019
There is real concern optical FPRs may be too easy to spoof.
If Google were to find these sensors unsafe it could block the so-called "TrustZone" effectively preventing the use of this authentication system and forcing users to use the old PIN method. If these hypotheses prove to be true we could say goodbye to many of the smartphones with optical fingerprint readers integrated in the display, manufacturers would have to fall back on other types of technologies such as 3D scanners for the face and this would certainly slow down the spread of the futuristic feature.
If Google decides optical FPRs aren't secure enough for TrustZone, you can probably say bye-bye to most in-screen fingerprint phones. The only other option right now is ultrasonic (Qualcomm being the major vendor).
— David Ruddock (@RDRv3) 14 gennaio 2019
The other option? Projection-based facial recognition.
However, there is another alternative: ultrasonic fingerprint readers. These sensors are more accurate and precise and represent a better solution, but they are also more expensive. The largest producer on the market at the moment is Qualcomm. It's no wonder that one of the biggest customers for this technology is Samsung, which intends to use it in its new flagship store, the Galaxy S10, which will certainly be anything but cheap.
Samsung is not, however, the first to use Qualcomm's ultrasonic sensors. The first smartphone to use this technology was the Huawei Mate 20 RS Porsche Design and I must admit that I was not surprised by the speed of recognition which is, albeit only slightly, slower than the classic fingerprint readers. We hope that the Galaxy S10 range will use improved technology...
Do you use biometrically recognized unlocks for convenience or do you rely on secure PINs at all times?
Source: Twitter
The Authenticator Rhyme, courtesy of Charles Stross:
something shared,
something do,
something secret,
something you
They're not if they're on Chinese phones! Apple will do it if it makes sense so we'll just have to wait.
Won't give anything biometric to any of these corporate megalodons, won't even give my real name to Google. I'll take my chances with Joe Shmoe in the checkout row spying my changeable pattern with the phone in my grip, versus handing unalterable (short of surgery) ID voluntarily to known identity harvesters.
I'd rather use that, than punch in my 4 digit code, which you know good and well EVERYONE had security cameras everywhere.