Apple may well have sparked a new trend in smartphones
It turns out that HTC – not in the least desperate to grab market share, of course, has decided to copy the latest iPhone 5s from Apple and build a fingerprint scanner into its latest HTC One max handset. The curious thing is that with the One max device the scanner is actually located in the rear of the handset rather than an integral part (ie the Home button) with the 5s. However, David Emm – a senior security researcher at Kaspersky Labs believes that fingerprint scanners may lull smartphone users into a false sense of security. On paper, HTC showing that it has follow Apple’s iPhone 5s in introducing a fingerprint scanner might represents another step towards the death of the password.
With the iPhone 5s, and now the HTC One max, when you acces the device, it reads your fingerprint instead of you having to type a passcode – thus saving you time and effort, theoretically.
In David Emm’s view, with the 5s at least, the handset isn’t requiring any change in behaviour in order to use the technology.
You’d have to press the Home button anyway to access the device. With the One max, you actually have to wake the handset up first before using the scanning technology.
Anyway, as Emm quite rightly points out most people don’t use a PIN number (let alone a more complex passcode) because of the hassle involved.
So the ‘fingerprint scan’ may well have the effect of increasing the level of security for most people using an HTC or Apple handset.
“There’s a flip-side though,” Says Emm. “If my passcode becomes compromised, I can simply replace it with a new one – hopefully one that’s more secure.”
He continued, “But I can’t change my fingerprint – it’s part of what I am and so I’m stuck with it.”
What happens if someone is able to fool a fingerprint reader by spoofing the fingerprint?
Well, the Chaos Computer Club has shown that it bypassed the iPhone 5s’ security using a fingerprint read from a glass surface. See here.
The CCC’s successful attempt to circumvent the Touch ID technology suggests that Apple and HTC’s ‘highly secure’ implementation just may not be secure enough.
“Because of the nature of fingerprints, you effectively leave your password everywhere you go,” Emm explained.
“So unless a fingerprint reader is able to fully distinguish between a real finger and a fake one, a fingerprint scan is a poor substitute for a password.”
You’ve been warned.