Fingerprints and smartphones

For the biometric industry, the fingerprint represents significant security. Indeed many facilities use fingerprint biometrics for access control to high-security areas, and a few computers are now using fingerprints as your password; sometimes its built right into the computer laptop itself. Even the 24 Hour Fitness chain of gyms is rolling out a fingerprint biometric access control/guest check-in procedure.

But for smartphone users who tap and touch their touch screen monitors and keypads to access their phones, the touch of a fingerprint could be the onset of a security weakness. Most of these phones don't use biometrics; instead they use some sort of visual or tapped-in password (tapping it a PIN number or, in the case of the Android, dragging the finger across the touch screen in a particular pattern). What security researchers have found, according to a PC World article by Tony Bradley, is that the oily residue left by these repeated touches can be studied to decipher what the user is doing to gain access to the phone. The researchers simply used cameras and computers to capture the image of the residue and decipher the pattern.

As quoted in the PC World article, "In one experiment, the pattern was partially identifiable in 92 percent and fully in 68 percent of the tested lighting and camera setups. Even in our worst performing experiment, under less than ideal pattern entry conditions, the pattern can be partially extracted in 37 percent of the setups and fully in 14 percent of them."

The point of the researchers is that phones have become so smart that a stranger isn't just getting access to mom's phone number anymore; they might be able to access corporate emails, some sensitive files and they could even, gasp, play a game of Tetris while they're at it.

Perhaps the solution could be to make the fingerprint a strength rather than a weakness, by turning toward biometric phones? Good luck. Pantech tried this years ago with the GI100, which never apparently made it into customers' hands. Lenovo had the P960 with fingerprint biometrics; that Lenovo phone still is being written about on the consumer tech blogs, but no one has seen a launch date, and after two years, I think that phone is probably just a rumor without substance.

Hey, nice phone. The new LG eXpo smartphone with fingerprint biometrics

But there's some indication that biometric phone security could actually be turning the corner. There is an app for the Google Android phone system that uses the camera and facial recognition, and BIO-key announced earlier this month that they are releasing a biometrics platform for phones. The press release said the company is doing this because of an "anticipated ubiquity of fingerprint enabled smartphones such as the LG eXpo." LG has tended to make only "semi-smart" phones, but now it's out with the eXpo, which is going to have a Pico projector (pretty nice), a Windows Mobile OS (yawn: consider that everyone has turned to systems from iPhone, Android or RIM/Blackberry), and the fingerprint biometric sensor (pretty cool).

However, I don't know if I'd agree with BIO-key's over-eager press release writers who think biometrics is going to find "ubiquity" in the smartphone market. It hasn't yet found ubiquity in the PC and laptop market, which I think is where it makes even more sense than the smartphone market (those PC are the more powerful business devices). We also haven't seen ubiquity in the physical security door access control market or even in the payment industry, in spite of the fact that fingerprints do make sense in those areas and the technology has been readily available for years. I think we'll see some market penetration of biometrics in the smartphone space, and the biometric feature will be the sizzle for some buyers, but it won't be the steak. That, I think, will continue to be the operating system, the cell provider's network and the availability of apps.