As the technology guarding smartphones becomes, well smarter, it’s easy to be lulled into a false sense of security. Both Samsung and Apple have added fingerprint scanners, the most basic application of biometric security, to their phones in recent years. While it may seem safer to protect your phone through your unique fingerprint rather an easily hacked password, Senator Al Franken wants to warn both phone manufacturers and average Americans that finger print scanning is not as safe as you think.
On Tuesday the Democratic senator sent a letter to Samsung, asking how users of the Galaxy5S, which includes a fingerprint scanner, can be sure their biometric information is secure.
“Fingerprints are the opposite of secret,” Senator Franken wrote. “You leave them on countless objects that you touch throughout the day: your car door, a glass of water, even the screen of your smartphone. And unlike passwords, fingerprints cannot be changed. If hackers get hold of a digital copy of your fingerprint, they could use it to impersonate you for the rest of your life, particularly as more and more technologies start relying on fingerprint authentication.”
The senator also pointed out the fact that Samsung’s fingerprint scanner allows for an unlimited amount of attempts to be made, without ever locking the phone. It also appears to allow any app to use the finger print scanner, meaning people could be using the same biometric information for things like sensitive banking apps.
Before you think Franken is picking on Samsung, he also sent a similar letter to Apple last year when they unveiled their own fingerprint scanner on the iPhone 5S.
“Passwords are secret and dynamic; fingerprints are public and permanent,” Franken wrote in the letter to Apple. “If you don’t tell anyone your password no one will know what it is. If someone hacks your password you can change it – as many times as you want. You can’t change your fingerprints. You have only ten of them. And you leave them on everything you touch; they are definitely not a secret. What’s more a password doesn’t uniquely identify its owner – a fingerprint does.”
Franken went on to ask Apple whether or not biometric information collected by their fingerprint scanner could be subpoenaed by law enforcement agencies. A valid point especially in light of the information we have now about the NSA’s relationship with tech companies and their secret surveillance programs. .
Apple responded to to some of these questions in a Wall Street Journal article, saying that an image of user’s fingerprint is never captured, and only data from the print in analyzed and then encrypted. This data is not stored on Apple’s servers or on the iCloud, which means it can’t be readily accessed by law enforcement or hackers.
While Apple’s technology claims to be secure, Senator Al Franken’s concern about the growing use of biometric data for everyday security is pretty valid. In this day in age we can never be too careful when it comes to sharing the most personal information we have – our unique genetics.