Smartphones and biometrics: we’re all ears

The iPhone 5S was the first. Their Touch ID fingerprint scanner on the lock-in screen heralded the beginning of biometrics security as part of smartphone furniture.

But it was easily hacked just two days after the phone went on sale in September last year.

Germany’s famous hacker team, the Chaos Computer Club, were able to create a fake fingerprint from a rubber mould that could then be used with a real finger to unlock the phone.

Another German team, Security Research Labs, have just done the same with the Samsung Galaxy SF, released earlier this month. You can see the video here.

More serious consequences 

Unlike the iPhone, the new Galaxy’s fingerprint scanner does more than just unlock the phone – it can also authenticate payments via PayPal. Which is all the more worrying from a security point of view, as the hacker could be successfully making payments directly into their own bank account.

And there is no limit to how many times you can try to fake it, like there is with the iPhone.

The point being that it gives a would-be-hacker a much greater incentive to create a fake fingerprint in the first place.

But is it really likely?

Is your average Joe really going to lift a high quality fingerprint from clean glass, scan it at high resolution, clean it up and then print it on to latex rubber?

Probably not. As evidenced by the fact that there haven’t been any recorded cases of the method being used beyond the hacker’s tests. Yet, anyway.

So do the ears have it?

Not content with fingerprint or iris biometrics, DesCartes Biometrics has just developed an ear biometric lockscreen app designed exclusively for Android smartphones. The president and CEO of the company, Michael Boczek talks about the convenience of the ‘most natural of phone gestures – lifting your phone to your ear’:

An individual user simply lifts the device to their ear and presses their ear to the touch screen to authenticate and unlock the device. By combining the most natural of all phone gestures – lifting your phone to your ear – with the unique geometry of your ear, Descartes Biometrics has created a robust and reliable mobile device security solution that is easy to use, non-invasive and non-distracting.”

Currently you can get it on Amazon apps and Google Play.

We can definitely see the logic and the benefit of a different biometric approach to fingerprints. Especially as, in the words of Frank Rieger, spokesmen of the Computer Chaos Club, “it is plain stupid to use something that you can´t change and that you leave everywhere every day as a security token“.

But do we really care that much about biometric smartphone methods in general? Is it still just a bit too early for adoption – especially at $3.99 a pop? It’s one thing if it comes as part of the phone, another if you have to fork out hard cash for it.

We’ll be watching the downloads with interest.