Smartphone with fingerprint reader.
Fingerprints were the domain only of the chronicles of events and crime fictions or science fiction until not long ago. Beyond when we had to renew the DNI, we always met them in the distance, when news arrived of criminals who erased them or we watched fascinated movies like Gattaca (1997), in which in a society dominated by biometrics the characters played by Ethan Hawke and Jude Law managed to deceive the system by changing, among other things, fingerprints. In 2013 everything changed: Apple launched its first iPhone with TouchID, a fingerprint sensor for unlocking. They weren’t the first, but once Apple arrived, all the manufacturers jumped into the pool as well. Now we imagine criminals without fingerprints having trouble accessing their phones in a remake of Andrew Niccol’s movie in which smartphones they would have an important role.
The fingerprint is not only the best known biometric technology (only a tiny percentage of the population is unaware of it, according to a study conducted by Payment Innovation Hub in August 2021), but also the most used. The study indicates that 81% of Spaniards who have used this type of technology, claim to have used it regularly or occasionally. The place where we meet her most often? The mobile: 59% of those who use it use their fingerprint mainly to unlock the device.
“Spaniards indicate a preference in using the fingerprint to identify themselves, since they perceive it to be more convenient, safe, easy to use, faster and less invades the privacy of the person,” explains Silvana Churruca, director of the company that prepared the study. Of these perceptions, security is perhaps the most dubious.
“In my research group, today, we have achieved to hack absolutely all the mobile sensors ”, assures Raúl Sánchez ReIllo, director of the University Group of Identification Technologies of the Carlos III University of Madrid. However, he does not think this is a problem. “Technology is not infallible. Especially because it is not designed to be, “he says.
The fingerprint sensor in mobile phones, Sánchez Reíllo explains, works because it is an easy and comfortable way to unlock the phone, two key factors when the use of a technology spreads. The previous (and still used) methods of blocking the phone, the password or PIN and the pattern, often ended up only achieving either that people did not use any blocking method or that they entered passwords such as 0000. “If you have a system which is as comfortable as putting your finger close and authenticating, much better. People use it and have their phones locked ”, says the expert. And this, as bad as the fingerprint sensors of the phones are, is already better than nothing.
Some sensors that can be improved
We trust the fingerprint because it is the oldest biometric technology and because it is what we have seen the police or airports use. “Familiarity is a key factor when choosing, especially when it comes to new technologies,” agrees Silivana Churruca. We know that the drawing that each one has on the fingertips is, indeed, unique and therefore a very reliable way of identifying someone. However, expecting the mobile sensor to be equivalent to that of a border control is not very realistic. “Taking into account that what manufacturers like is to have a service at a minimum cost, they are obviously not the best sensors in the world,” says Sánchez Reíllo.
From time to time, news of hackers that manage to circumvent the fingerprint sensors of phones or blunders such as the Samsung Galaxy S10, which I accepted all the fingerprints when I put it according to what screen protector. However, and unlike other forms of remote non-consensual access (the classic one of making the user click on a link), to enter a phone through the fingerprint it is necessary, first of all, to have the telephone. In both iOS and Android, the fingerprint is stored on the smartphone itself in specific and highly protected local folders and is never uploaded to any server – which in theory avoids privacy problems – so it would be necessary to have the device. The second step would be for the criminals to have a fingerprint similar to the one registered by the user. “If you add up the probabilities, it is very difficult for them to get into your mobile,” says Sánchez-Reillo.
More than dangerous criminals who steal your smartphone and they access it through an image of your fingerprint, the most common is that it is someone from the user’s environment, who waits for him to fall asleep to put his finger on the sensor and see, for example, his messages, he comments the investigator. “If you are an expert and you have more advanced knowledge, you can do something similar to what is done in the movies: you take a glass, reveal the fingerprint and you have a fingerprint from that image,” he concedes, but it is a complicated process. “It could compensate if the mobile you want to access is someone like Bill Gates [que posiblemente tenga otros métodos de seguridad], but beyond that it compensates rather little ”, he reflects.
A guard works with the fingerprint identification program EDUARDO RUIZ
Sometimes the opposite also happens: it is not that the sensor accepts a foreign fingerprint, but that it does not read the correct fingerprint well. Because just as all fingerprints are different, there are also some more legible than others. “It is a combination of a finger with a sensor,” says Sánchez Reillo, who says that in his research group there is a person who they always call because they know that their fingerprint “is going to cause problems.” In this case, it is an elderly person and diabetic. In addition, some cancer treatments also deteriorate the footprint. Silvana Churruca, for her part, also points out a series of factors such as dust, sweat on the user’s own skin and dry or static-charged environments that can interfere with reading. Depending on the type of sensor (capacitive, optical, optical under the screen and ultrasonic), some factors will affect more than others.
Sánchez Reíllo, who once spent three months without being able to use the fingerprint of his devices because he had been doing “bots” at home that had dried out his hands a lot, indicates that these are usually specific situations anyway. “There are exceptions, but the footprint is always rebuilt. The mobile sensor can have problems, but the sensor with which you get your DNI reads almost all the fingerprints well, “he says.
Other biometrics lurking
The Payment Innovation Hub report published in 2020, claimed that 70% of Spaniards had used some biometric technology. After the fingerprint (81% of them), the most used were voice (35%) and facial recognition (29%). Although at the beginning of the pandemic facial recognition lost points by not recognizing faces with a mask, the truth is that this context could eventually end up favoring it. In cases where the fingerprint is used as a method of identification and authentication but not on the mobile itself (to make a purchase in a store or to access a place), touching a surface that more people touch is no longer so attractive. “Due to the adoption of systems and solutions that avoid contact, guaranteeing social distancing, biometrics such as iris and facial recognition are emerging,” says Silvana Churruca, who points out that “contactless fingerprint readers are also being developed.”
Sánchez Reíllo believes that each use must be evaluated, because there will be situations in which the fingerprint is more practical and others in which iris recognition is preferred. In favor of the fingerprint, he explains that putting the finger on the sensor is an act, while facial recognition can be activated without your intention (if you work, for example, with the phone in front of you) and the iris can be uncomfortable.
He points out another method that works quite well to authorize purchases, the handwritten signature directly on the mobile screen. “Companies right now use the signature on screen to have it and save paper, not to authenticate, but you can do both at the same time. It is not very widespread, but the technology is available ”, he explains. Ultimately, it’s about evaluating needs, cost, and usage. For the general user, as always, the technology that provides the best experience at the best price will win.