In Brief

How secure are smartphone fingerprint readers?

NatWest and RBS customers with Apple iPhones can now use fingerprints to access bank accounts

NatWest and the Royal Bank of Scotland are allowing customers to access their bank accounts online using fingerprint recognition rather than a password.

From tomorrow, customers with an iPhone 5s, iPhone 6 and iPhone 6 Plus will be able to access their bank account online using Apple's Touch ID fingerprint sensor.

But how safe is the technology?

Since it was introduced two years ago, it has "proven to be one of the best fingerprint scanning implementations available", says The Guardian.

The detection ring, built into the home button, already features on the latest Apple iPhones and iPads, enabling users to unlock their devices and verify iTunes and App Store purchases using their finger or thumb. Other third-party apps, such as Evernote and Dropbox, have also adopted the technology.

Yet, when it first launched on the iPhone 5s in 2013, it took a biometrics hacking team from Germany's Chaos Computer Club just a day to bypass the security by replicating a fingerprint left on a glass surface.

"We hope that this finally puts to rest the illusions people have about fingerprint biometrics," stated the group. "It is plain stupid to use something that you can't change and that you leave everywhere every day as a security token."

Ben Schlabs, from the German hacking think tank SRLabs, said the security implications for the new banking apps are the same. "It is just as dangerous," he told the BBC.

Nevertheless, Schlabs admitted he did not know of any actual crimes being enabled by the Apple's Touch ID fingerprint sensor.

Even Marc Rogers, principal security researcher at Lookout, who also hacked Touch ID, says he still thinks it is "awesome" technology. Exploiting the sensor's flaws relies on a "combination of skills, existing academic research and the patience of a crime scene technician", he says, suggesting it is so complicated that most criminals wouldn't bother.

Rogers does, however, suggest that Apple introduce two-factor authentication, such as a fingerprint and a password.

But it appears that RBS and NatWest – who are introducing the technology specifically to make digital banking "even easier and more convenient" – might be reluctant to set further security hurdles for their customers.

Recommended

‘Netflix of sport’ DAZN in advanced talks to buy BT Sport 
DAZN cameraman
In Focus

‘Netflix of sport’ DAZN in advanced talks to buy BT Sport 

Boris Johnson and his ‘notoriously complex’ baby count
Boris Johnson in New York City
Why we’re talking about . . .

Boris Johnson and his ‘notoriously complex’ baby count

‘Variant-proof’ Covid vaccine begins trials
A nurse with a vaccine
Getting to grips with . . .

‘Variant-proof’ Covid vaccine begins trials

Hopes fade for UK-US trade deal: what’s the alternative?
Boris Johnson and Joe Biden in the White House
Today’s big question

Hopes fade for UK-US trade deal: what’s the alternative?

Popular articles

Doctor says we should not sleep naked because of flatulent spraying
The feet of a person sleeping in a bed
Tall Tales

Doctor says we should not sleep naked because of flatulent spraying

Penguins ‘might be aliens’
Penguins
Tall Tales

Penguins ‘might be aliens’

Abba returns: how the Swedish supergroup and their ‘Abba-tars’ are taking a chance on a reunion
Abba on stage
In Brief

Abba returns: how the Swedish supergroup and their ‘Abba-tars’ are taking a chance on a reunion

The Week Footer Banner