do_mobile_fingerprint_sca_75398_142985Apple has added some intriguing features to their latest mobile product lineup, one of which is the fingerprint scanner. Its stated purpose is to heighten the security on the mobile phone. As the smartphone in general becomes increasingly integrated into the mobile office, making it harder to break in seems like a good idea. However, biometric fingerprinting may not be the guard dog everyone is hoping it will be.

Biometrics
Biometrics is the field of integrating the biologically unique features of an individual human being with the mechanical devices securing things we don’t want stolen – sensitive information, money, identities – you name it. The principle is fairly simple. For example, take a fingerprint, digitize it, and use an algorithm to determine if the fingerprint being scanned belongs to the person it’s supposed to. The same is true for iris scanners, although the actual iris scan is not digitized; check digits are used to determine if the iris being scanned is the same. Obviously, this is not foolproof.

Who Actually Steals Information?
Most people think people stealing smartphones are folks who want a smartphone but can’t afford their own, and they don’t realize the phone can be tracked. Most people who lose a smartphone curse, cancel the service, and then replace the phone in that order. People who steal identities or use the smartphone to break into a cloud service to steal data are not run-of-the-mill thieves. They are usually organized and backed either by a crime syndicate or a hostile foreign government.

Given that serious identity theft and theft of sensitive information is controlled by serious bad guys, why would you want to hand these organizations your fingerprint? It’s actually fairly easy to scam a fingerprint scanner when you have the actual fingerprint to work with. A fingerprint can be lifted from a surface using cellophane tape and an acrylic mold can be made. There are a few ingredients for the mold you need to have to make it work, but we’re not going to discuss these here. Suffice it to say, you can make a usable mold from a tape copy of a fingerprint, and you can use this mold to break biometric security without a lot of difficulty.

Do Mobile Fingerprint Scanners Truly Protect Your Business?
The short answer to this question is no. The long answer is still no, but with explanations. As we stated above, it’s not too hard to break a biometric fingerprint scanner if you know how. The types of organizations who back identity thieves, break into financial institutions, and steal sensitive information certainly have this know-how. Businesses who plan on using the Apple fingerprint scanner as part of their mobile office security are deluding themselves as to the protection it provides. If the business doesn’t back the biometric with protocols to determine who’s actually trying to gain access with the fingerprint, they’re leaving the barn door wide open, so to speak, for thieves to come into their data and play. A biometric fingerprint scanner is a reasonable first-line security measure, but it is by no means capable of holding the fort by itself. Used in conjunction with other security devices and protocols, it can work well. Left to stand alone as the sole security measure, it will fold faster than an improperly-setup tent in a high wind.