Fingerprint Smartphones and the Illusion of Security
Just leave it to corporate America to ruin a good idea, making it worthless for all intents and purposes. I refer specifically to the fingerprint reader on most contemporary smartphones these days (2015).
The fingerprint reader, in principle, could have led to ‘crack-less security’ that no external agent would be able to access. In particular, if all smartphones with fingerprint readers required BOTH A PASSWORD AND A FINGERPRINT, this would in fact have established a two-factor security system, thereby greatly elevating their security. A hacker could hack the phone and identify the main password, but without the fingerprint, they would not have access to the phone.
Yet anyone who owns a smartphone knows immediately that this is not the manner in which security is implemented on their phone. Smartphones use a ‘substitutive system’, whereby the user can use the fingerprint OR the password, but is not required to use both. Typically the main selling point for this system is that it allows the user to bypass having to type in their password. Convenience is the enemy of security, still today.
Sadly, this is the worst of all worlds, because it gives a false sense of security, suggesting that a ‘two-factor authentication’ system is in place (a system used by all banks and security experts), when really you only have one-factor authentication. For example, one of the iPhone’s main selling points is the security of its fingerprint system, which is likely secure (image is embedded on a chip), as far as I know. The problem, however, lies in the manner in which this system is implemented; after 48 hours, you are forced to type in your password.
It can be noted that to establish a true two-factor authentication for current smartphones would likely be perceived by consumers as a ‘hassle’; after all, with the fingerprint system, they don’t have to recall what their password is, and are saved from having to press 6+ digits on the screen. In this sense, the fingerprint would be ‘costly’, and perceived as one more ‘digit’ to press, without recognizing how very important this mechanism is for their own security.
Finally, THREE-FACTOR AUTHENTICATION could also be established via the small NFC detector on the back of all contemporary smartphones. A third requirement could be an external object or 'key', such as a YubiKey, before the phone and its contents could be accessed. This system (prior to fingerprint) was already implemented via hacking of Android phones in the past. While this system would certainly be the most secure, it is to be noted that it would likely be used only in extreme cases because of its inherent inconvenience: accessing the phone would require something 1) you know, 2) you are and 3) you have. Losing any one of these three keys would render the phone useless.
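The trade-off between the substitutive, two-factor and three-factor schemes described above can be modelled directly. The following is an added example, not part of the original post: each unlock policy is a list of acceptable factor combinations, and the code computes how many factors an attacker must obtain and which single lost factor locks the owner out. The factor names and policy labels are assumptions chosen for illustration.

```python
from itertools import combinations

# Illustrative factor names (assumptions): something you know / are / have.
FACTORS = ("password", "fingerprint", "nfc_key")

# A policy is a list of alternatives; presenting every factor of ANY one
# alternative unlocks the phone.
POLICIES = {
    "substitutive": [{"password"}, {"fingerprint"}],           # fingerprint OR password
    "two_factor": [{"password", "fingerprint"}],               # password AND fingerprint
    "three_factor": [{"password", "fingerprint", "nfc_key"}],  # all three required
}


def unlocks(policy, presented):
    """True if the presented factors fully satisfy at least one alternative."""
    return any(alternative <= presented for alternative in policy)


def min_compromise(policy):
    """Smallest number of factors an attacker must obtain to unlock."""
    for k in range(1, len(FACTORS) + 1):
        if any(unlocks(policy, set(combo)) for combo in combinations(FACTORS, k)):
            return k
    return None  # policy can never be satisfied


def lockout_factors(policy):
    """Factors whose loss alone locks the legitimate owner out."""
    everything = set(FACTORS)
    return sorted(f for f in FACTORS if not unlocks(policy, everything - {f}))


def report():
    """Map each policy name to (attacker effort, single points of lockout)."""
    return {name: (min_compromise(p), lockout_factors(p))
            for name, p in POLICIES.items()}


if __name__ == "__main__":
    for name, (effort, lockouts) in report().items():
        print(f"{name:13} attacker needs {effort} factor(s); "
              f"owner locked out by losing: {lockouts or 'nothing'}")
```

The substitutive scheme scores 1 on attacker effort, the same as a password alone, while each added required factor raises that number and also adds one more way for the owner to be locked out.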
But, as Steve Jobs would have said in the past, companies have to give clients what they need, which is not necessarily the same thing as what they perceive they want. What is essential and important, must be distinguished from what is merely superfluous ‘eye-candy’.
By basing business decisions on what the public favors rather than what they require, corporations are stereotypically going for the ‘bottom line’ rather than a higher moral ground. They are only seeking to maximize profits rather than assist their fellow man.
Our technologies have to incorporate our values in their design and user-interaction, and it is clear that current fingerprint smartphones do not. Robert Moses in New York City was known for having developed bridges and tunnels that did not allow public buses to pass through them, because of their low height. This effectively prevented poor (Afro American and Hispanic) citizens of the city, whose only source of transportation was the public city bus, from visiting nearby beaches. The nearby beaches were thus effectively restricted only to the middle-upper (white) class who owned cars.
As you would imagine, Moses's bridges and tunnels were all demolished in order to pave the way for a more democratic experience.
It's time that the US Constitution took the same approach to smartphones.