Fingerprint security real-world hacks?
#1
Original Poster
Join Date: Jul 2013
Location: DAY/CMH
Programs: UA MileagePlus
Posts: 2,474
Fingerprint security real-world hacks?
My new Pixel 2 XL is the first phone I've set up to unlock with a fingerprint reader — though I'm also using it on my latest laptop. The phone is scarily easy to unlock, meaning either its fingerprint reader is really accurate or it's not very discriminating.
I've read the articles describing a high false positive rate and the possibility that a "master key" glove could unlock many phones before hitting their attempts limit. I can't find any evidence such a device exists and poses a real threat.
Does anyone know whether there is really a significant current risk in using the fingerprint reader on a phone?
I've read the articles describing a high false positive rate and the possibility that a "master key" glove could unlock many phones before hitting their attempts limit. I can't find any evidence such a device exists and poses a real threat.
Does anyone know whether there is really a significant current risk in using the fingerprint reader on a phone?
#2
FlyerTalk Evangelist
Join Date: Nov 2002
Location: ORD
Posts: 14,231
I think iPhone and Android fingerprint sensors have about a 1 in 50,000 false positive rate. I wouldn't worry about it too much - though worth mentioning that Apple's newer FaceID (to which it's transitioning all its devices) has a false positive rate of more like 1 in 2,000,000.
#3
FlyerTalk Evangelist
Join Date: May 2002
Location: Pittsburgh
Programs: MR/SPG LT Titanium, AA LT PLT, UA SLV, Avis PreferredPlus
Posts: 31,007
It's a bit like stating that time travel is now possible because a few specific parameters in relativity/quantum mechanics could theoretically make it work, on paper.
#4
Original Poster
Join Date: Jul 2013
Location: DAY/CMH
Programs: UA MileagePlus
Posts: 2,474
If you're reading the articles on the research at NYU and MSU, be sure to read beyond the mass media hype and realize that it was purely theoretical with no actual attempts on any real phone. Various reports state that they used a matching/spoofing method that Apple, for one at least, doesn't even use for exactly this reason.