Blog: April 2014
Posted: Friday,April 25,2014
The latest fingerprint spoofing incident, demonstrated by researchers from Germany-based Security Research Labs on the Samsung Galaxy S5, highlights the prevailing confusion over the differences between spoofing and hacking a device and the subsequent risks they present to users and service providers. Both Apple iPhone 5S and Samsung Galaxy S5 fingerprint sensor attacks were spoofs. The devices were defeated by imitating a single fingerprint. This is very different from a hack, which could compromise a high volume of users at once.
In both the fingerprint spoofing cases, neither the device nor the user credentials were compromised. This would have to be accomplished by a hack, which requires a break-in of a device and subsequent theft of the biometric template and related data, or by the depositing of malware. So how do we maintain the security of personal, biometric data?
In a FIDO authentication mod...