How Secure Are Fingerprint Scanners?


This episode of DNews is brought to you by
Norton. Biometric scanning is the future – but how
secure is it really? [INTRO MUSIC] Hey guys, Tara here for DNews and with all
the recent technology made in biometric scanning, you might be wondering – what is the actual
risk involved in using these devices? And is it really impossible for someone to steal
my identity through them? The short answer is no – it’s not impossible.
But it is significantly trickier. It’s helpful to think of your fingerprint
in the same way you think of a credit card: it’s really just a string of numbers run
through a computer network. The difference is, unlike credit card numbers or passwords, your fingerprint can’t be lost or misplaced. But it also can’t be changed once it gets
stolen. And that’s where the real security issue comes in. When you consider that all of that information
is stored in a database somewhere, then that’s what the hackers will target. And assuming
there’s encryption involved, once that information gets stolen, there are tons of ways to take
advantage of it. Many of the companies that manufacture fingerprint
scanners like to claim that their technology is unbreakable. But as the Mythbusters proved back in 2006,
all it takes to steal one is a little bit of dedication. In their episode, they successfully
cracked a scanner using three different methods. The first time, they copied someone’s fingerprint
onto a latex glove and then used that to open a door. The second time, they managed to create
a copy of a fingerprint using ballistics gel, which is just gelatin mixed with water. And
the third time, all it took was a photocopy of someone’s fingerprint and a little bit
of saliva. You may also remember how Apple’s iPhone
5S, which came with a Touch ID fingerprint scanner built in was hacked by researchers
just one day after it launched. Scientists managed to crack it using a cheap domestic
scanner to create a photograph of a print left on the glass screen. Granted, it was not
an easy process, but for the criminally inclined who have a lot of time on their hands, it’s
still doable. So what about eye scanners? Lots of companies
are currently dabbling in both retina and iris scanners, but how do they work, and
how secure are they? Retina scanners work by shooting an invisible
infrared light into your eyeball and measuring the pattern of light that gets reflected back
which is unique for every person. Unfortunately some diseases, like glaucoma and diabetes, can change that pattern over time, potentially locking you out of your own devices.
Iris scanners work in a similar way in that they shoot near-infrared light into
your eye and use the light that reflects back to replicate the intricacies of your iris.
For the most part, it’s considered superior to retina scanning. It can be done from a
greater distance, so it’s less intrusive. And your iris isn’t susceptible to disease
in the same way your retina is so unless you suffer from a serious eye injury, it’ll pretty much remain the same throughout your life. As far as biometric scanning goes, the iris
appears to be the “final frontier” so we shouldn’t be surprised if our phones
start coming with that technology built in, even a few years from now. Of course, it still brings up the same issues
as any fingerprint scanning. If the information is stored somewhere, it’s naturally vulnerable
to theft. And once it gets stolen, it’s pretty much stolen forever.
Fortunately, there’s already software out there to protect you from identity theft and
other dangers online, so a big thank you to Norton for protecting the vulnerable among
us and for sponsoring the show. In the meantime, let us know what you think
about the future of biometric scanning, in the comments down below, and as always, thank
you guys for watching! This episode of DNews was brought to you by Norton.

100 thoughts on “How Secure Are Fingerprint Scanners?

  1. There is one very important aspect your report did not cover.  Your constitutional rights. In short use passcodes NOT fingerprints.

    Court Rules Police Can Force Users to Unlock iPhones With Fingerprints, But Not Passcodes

    http://www.macrumors.com/2014/10/31/fingerprints-not-protected-by-fifth-amendment/

  2. Norton protect? HA!! Every computer i've had with norton ended up having to get its hard drive wiped to remove all the trojans and to remove norton itself!!. Once it's fully installed and activated it's absolute HELL to remove.

  3. all the time Im wondering. If the database leak, how the hell we will be able to change password? After 10th database leak ppl start to walk without socks to speed up finger scanning? Or mamybe scientist give us pill to grow up new finger somewhere?

  4. There is nothing that is spread aroud so much as your fingerprints and name signature. They are everywhere. To use them legally is a joke. Using any fingerprints or any ID on Internet connected devices is just a bad idea cause they will then travel through networks for ever. Nothing is less private. The inside of the eye-globe is better. But if you digitize it, it's all bad again. Anything stored on clouds or connected home devices are criminally public. 

  5. you missed the possibility of apple actually not store you fingerprint data on that second board (attached to the processor, can't remember what it was), and first send the data to nasa, then storing it secure

  6. Simply put, anything stored in code can be hacked. If you can't change the code, then it's not worth storing; ie: finger prints, iris, retinas, etc. Sounds all futuristic, but it's just putting everyone in the shithole.
    So far, mu finger prints and eyeballs are safe and sound on my body alone.

  7. I know lots of people who don't lock their phones because they can't be bothered to put in a code all the time. For those people fingerprint scanners are good because it's relatively effortless so they're more likely to use it, and even hackable security is better than no security generally, not taking into account false sense of security.

  8. In this present time, there is no privacy.
    You apply your birth certificate , you already given all your data to someone. 
    You apply credit cards, bank account and many more.

    So just keep you money separate and hope not all your account being hacked,

    Hmm… how Mr. Gate find his solution, due to his wealth is almost my country GDP. 

  9. 1 fingerprint scanner 1 iris scanner 1 password and one voice recognition at the same time. And if you get it wrong one time you have to have a webcam confirm to make sure it's you.

    Boom check and mate.

  10. Another issue that comes with biometrics is their accuracy. When scanning fingerprints for example, you want a certain range of error. If at the time of scanning, the glass or your finger is dirty or the lighting isn't the same, it could cause a different reading. To make the process not so tedious for the user, the scan needs allow a range of error. This can cause two users with similar biometric reading to log in under the same account by mistake. Of course, the chances of this happening on a personal computer or phone are very low but could be problematic for something like a big company with over a thousand employee all using the same fingerprint login system.

  11. Off course encryption will be involved. The biometric scan will produce a unique key stream on activation which is then used to decrypt a unique key. Stealing the "password" is not enough. They need your fingerprints and also need to know the method used for encryption to reverse the process and decrypt the key for themselves. Brute force attack would be infeasible but yes, there are methods to decipher the key.

  12. Storing a salted hash of a small part of the fingerprint locally on your device is a better idea than storing all or part of your fingerprint on a server.

  13. biometrics are user names not passwords, thats the only way to look at them, so to gain access to your account or device you need the biometrics, a device, and a password

  14. the problem with passwords quickly fade when we begin to carry the devices inside us, and authentication will take place at the genetic level

  15. shooting infra-red into your eye is a horrible idea. the pupil doesn't react to it, so youre in much more danger of retinal burns

  16. there is a neat scanner at a university that reads the pattern of veins in your hand. fingerprints are easy to come by, and easy to replicate. the veins are harder to steal, and much harder to replicate. but nothing is totally secure. there are mathematical things that are proven to be unbreakable, but as soon as you implement it in hardware or software, you just use other attack vectors

  17. Pigment dispersion syndrome (PDS) could probably screw with iris scanning over time as glaucoma can screw with retina scanning. Also both iris and retina scanning still convert your ID into a stored digital signal that can be stolen, so how is that any better?

  18. So, the drawback of fingerprint scans is that fingerprints can't be changed, and the disadvantage of iris and retina scans is that irises and retinas can be changed. Right…

  19. Its obviously a plan by the US gov to steal fingerprints if u do something illegal, they know where to find you. the future is not bright, its dark.

  20. People who don't lock their phone with a password (or equivalent) leave their email wide open, which is where password resets are sent.  Fingerprint scanner is better than no password.  

    There are a lot of methods banks and credit card companies can do to secure money transfers, but there's no incentive.  The burden falls to the merchants.  The merchants either write off the loss or charge it back to their customers.  It is considered a cost of doing business.  As a consumer I'm not responsible for the credit card fraud, so I don't have a lot of incentive either.  

  21. Eyescanner:Up date it at least once a year. Re-Scan your eye if they may change light reflections.over time. It'd be just like changing your password, like you should, every once in awhile. Some people change their passwords at least once a week. loll

  22. Seriously, enough with the idiotic comments that appear everytime on every video about concerning the DNews sponsors. You all aware that DNews is a free show that has to pay its employees correct? In order to do this, they require ads or they'll need to create a paid subscription. So, if you don't like the ads, simply don't pay attention to them. (Yes I understand how annoying they are, but I'd rather just suck it up than have to pay a subscription)

  23. Norton is one of the worst antivirus out there, with high false-positive rates and has been consistently rated (over the years) at the bottom in terms of actual malware detection and prevention. But I love DNews anyways so whatever pays the bills!

  24. Using biological markers as passwords is wrong because it forces a participant to forfeit their biological information to a database, and any database is not free from being invaded since part of privacy/security is contingent on the capabilities and motives of others (which are dynamic and often unclear at any moment).

  25. I was almost leary of using it on my S5 and, now, S7 Active. I didn't know the true technology behind it.

    But, besides being finger printed at least twice at two different county jails, I remember them getting my fingerprints when I was 10 years old (1995), for "Ident-i-Kid" cards, or however it's spelled.

    I have a feeling that was illegal as fuck, because my parents didn't even know about it. They seriously just came and fingerprinted every single kid at school.

  26. I'm not worried about how secure it is to unlock the encrypted info.. That should require a pin and optionally add fingerprint for more security.

    What I'm worried about is somebody being able to get the stored prints and frame or use for identity theft.

  27. I'll keep an extra finger a fake one in my pocket so that nobody could copy or lift my finger print from places I touch ha ha

  28. "Iris scanner appears to be the final frontier, so don't be surprised if you see devices come with it as a built in feature, even a few years from now"

    Mind blown haha. Mine has iris scanner

  29. This is how humans become slaves … they know who we are, what we do, who are our friends and now they have our fingerprint? :O Iam still using my old Galaxy without fingerprint sensor! They cant have my datas haha

  30. I watched one of James Bond movies. After he killed the target, he used the latter's finger to open the smartphone.

  31. 2:40 – 2:43…..This is incorrect. Deoxyribonucleic acid (DNA) is the Ultimate in Bio-metrics. Two years ago I had to do a paper for DeVry on bio-metrics. Some facts I found along the way….Fingerprint ratio, believe it or not, is approximately 1 in 11,000. If there are 7 billion people on this planet, then more than half a million people have the same fingerprint as you do. The only good fingerprint scanners are the ones where you have to slide your finger across a sensor. Things like ballistics gel or latex gloves won't work on those. Otherwise, for the time being, fingerprint readers are the cheaper method…which is why more people/businesses use them.

    What should have been said was that eye scanners are currently the best. Newer ones use a type of sonar that is better than using light. With DNA there is a 1 in 13,000,000,000,000 chance of having the exact same DNA (I'm not counting identical twins)….bear in mind this was 2 – 3 years ago, so I'm sure things may have changed a little. So maybe if you lived 2 or 3 thousand years, you could find someone with the same DNA. Only downside of using DNA is that we haven't been able to market it yet. We still need a few years to make it work. But when it happens, it will be the best.

  32. This information you are putting out is hard to find. I've known about this since reading the article about when apple first tested this technology. They asked a group of hackers to see if they could crack 100 real identities saved to their system and gave them 1 month to see if there were any exploits before they released this. The group came back after 1 week and said they were done. Apple said that's great how many did you get. The group said no you dont understand we got all 100.

    Just as you said there is a number associated to your fingerprint just like data is stored for a picture. The group explained it was difficult at first but then when they figured it out they unlocked all of them at once.

    Your biometrics are like your social security number but worse. Once stolen you can never be secure again because you can change your ssn but can't change your fingerprints.

    Side note even if you get a replacement ssn due to identity theft, it too is unsecure forever. This is due to the fact that it must read the new # and revert back to the old one in some way to connect the 2.

  33. Forgot to note about apple:
    So much money was spent designing this that apple decided their was nothing to do so they buried the knowledge of this exploit and changed nothing then released it the feature.

  34. Your fingerprint is not stored on some server somewhere. Copy of your finger print is stored on the device itself. Just don't loose your device and you'll be fine. I can't speak for iPhone as, they are shit. They are devices for people who don't know anything about technology. High end Android would be harder to get into tho. On Android the end user has more control over their info not so much on iPhone. So beware

Leave a Reply

Your email address will not be published. Required fields are marked *