Slashdot is powered by your submissions, so send in your scoop
Attackers Can Bypass Fingerprint Authentication With an 80 Percent Success Rate (arstechnica.com) 5
The percentages are based on 20 attempts for each device with the best fake fingerprint the researchers were able to create. While Apple Apple products limit users to five attempts before asking for the PIN or password, the researchers subjected the devices to 20 attempts (that is, multiple groups of from one or more attempts). Of the 20 attempts, 17 were successful. Other products tested permitted significantly more or even an unlimited number of unsuccessful tries. Tuesday’s report was quick to point out that the results required several months of painstaking work, with more than 50 fingerprint molds created before getting one to work. The study also noted that the demands of the attack — which involved obtaining a clean image of a target’s fingerprint and then getting physical access to the target’s device — meant that only the most determined and capable adversaries would succeed. The most susceptible devices were the AICase padlock and Huawei’s Honor 7x and Samsung’s Note 9 Android phones, “all of which were bypassed 100 percent of the time,” the report says. “Fingerprint authentication in the iPhone 8, MacBook Pro 2018, and the Samsung S10 came next, where the success rate was more than 90 percent. Five laptop models running Windows 10 and two USB drives — the Verbatim Fingerprint Secure and the Lexar Jumpdrive F35 — performed the best, with researchers achieving a 0-percent success rate.”
That sounds like the ‘Sex Panther’ from Anchorman
Brian Fantana: They’ve done studies, you know. 60% of the time, it works every time.
I use fingerprint auth in situations where I’d prefer not to use auth at all but something (such as my employer) forces me to. For example, I don’t really want to authenticate on leaving the 10-minute forced screen saver but at least fingerprint makes it painless.
So frankly I don’t care how bad it is because from my perspective it’s not protecting anything anyway.
Although I think the Apple fingerprint detectors are probably more reliable, this study goes to show that FaceID is a way more secure approach.
- The researchers have a term for the vulnerable devices…
There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.
Related Links Top of the: day, week, month.
- 582 commentsAG Barr Says Consumers Should Accept Security Risks of Encryption Backdoors
- 568 commentsIn a First, Israel Responds To Hamas Hackers With an Air Strike
- 432 commentsAtlassian Changes Annual Performance Reviews To Stop Rewarding ‘Brilliant Jerks’
- 397 commentsIs Hiring Broken?
- 326 commentsFlorida City Fires IT Employee After Paying Ransom Demand Last Week
Slashdot Top Deals
- Get more comments
- 5 of 5 loaded
“The C Programming Language — A language which combines the flexibility of assembly language with the power of assembly language.”