In Brief

How secure are smartphone fingerprint readers?

NatWest and RBS customers with Apple iPhones can now use fingerprints to access bank accounts

NatWest and the Royal Bank of Scotland are allowing customers to access their bank accounts online using fingerprint recognition rather than a password.

From tomorrow, customers with an iPhone 5s, iPhone 6 and iPhone 6 Plus will be able to access their bank account online using Apple's Touch ID fingerprint sensor.

But how safe is the technology?

Since it was introduced two years ago, it has "proven to be one of the best fingerprint scanning implementations available", says The Guardian.

The detection ring, built into the home button, already features on the latest Apple iPhones and iPads, enabling users to unlock their devices and verify iTunes and App Store purchases using their finger or thumb. Other third-party apps, such as Evernote and Dropbox, have also adopted the technology.

Yet, when it first launched on the iPhone 5s in 2013, it took a biometrics hacking team from Germany's Chaos Computer Club just a day to bypass the security by replicating a fingerprint left on a glass surface.

"We hope that this finally puts to rest the illusions people have about fingerprint biometrics," stated the group. "It is plain stupid to use something that you can't change and that you leave everywhere every day as a security token."

Ben Schlabs, from the German hacking think tank SRLabs, said the security implications for the new banking apps are the same. "It is just as dangerous," he told the BBC.

Nevertheless, Schlabs admitted he did not know of any actual crimes being enabled by the Apple's Touch ID fingerprint sensor.

Even Marc Rogers, principal security researcher at Lookout, who also hacked Touch ID, says he still thinks it is "awesome" technology. Exploiting the sensor's flaws relies on a "combination of skills, existing academic research and the patience of a crime scene technician", he says, suggesting it is so complicated that most criminals wouldn't bother.

Rogers does, however, suggest that Apple introduce two-factor authentication, such as a fingerprint and a password.

But it appears that RBS and NatWest – who are introducing the technology specifically to make digital banking "even easier and more convenient" – might be reluctant to set further security hurdles for their customers.

Recommended

Sue Gray report: what are the possible outcomes?
Boris Johnson
Today’s big question

Sue Gray report: what are the possible outcomes?

The cheapest and most expensive areas to rent in the UK
UK housing
In Brief

The cheapest and most expensive areas to rent in the UK

Five times the cost of living triggered civil unrest
Yellow vests protestors demonstrate near the Arc de Triomphe
In Depth

Five times the cost of living triggered civil unrest

The pros and cons of gene-editing food
A combine harvester works its way through a field of barley
Pros and cons

The pros and cons of gene-editing food

Popular articles

Is Russian President Vladimir Putin seriously ill?
Vladimir Putin
Why we’re talking about . . .

Is Russian President Vladimir Putin seriously ill?

What would happen if China invaded Taiwan?
Chinese troops on mobile rocket launchers during a parade in Beijing
Fact file

What would happen if China invaded Taiwan?

The mysterious Russian oligarch deaths
Vladimir Putin has previously deployed ‘extreme measures’ to crush opposition
Why we’re talking about . . .

The mysterious Russian oligarch deaths

The Week Footer Banner