Laptop makers using cheaper smartphone fingerprint sensors instead of secure sensors in laptops are placing user privacy at risk, says Synaptics VP of Product Godfrey Cheng.
Smartphone fingerprint sensors do not encrypt stored fingerprints and can enable hackers to infiltrate work computers.
Cheng claims that by using smartphone fingerprint sensors instead of the ones curated for laptops, a number of laptop makers save about 25 cents per machine. By doing this, they place user privacy and data at risk since smartphone fingerprint sensors do not encrypt stored fingerprints.
“Fingerprint identification has taken off because it is secure and convenient when it’s done right. “When it’s not secure all of the way through, then that’s an exposure that an attacker can exploit,” Chang told VentureBeat.
Typical fingerprint sensors in laptops encrypt stored fingerprints and verify new prints by using secondary host processors, thus making it difficult for hackers to obtain users' biometric details. On the other hand, smartphone fingerprint sensors send fingerprints to CPUs for processing through an unencrypted channel which is vulnerable to hacks, he said.
Hackers and cyber thieves can install malicious software in laptops using phishing tactics. Once installed, such software can then be used to steal fingerprints every time a user places his finger on a sensor. The fingerprints can then be copied and used by hackers to infiltrate computers and obtain confidential data.
Cheng is now advising laptop buyers to check whether the laptops they are planning to buy include encrypted fingerprint sensors instead of cheaper alternatives. Given that the likes of Intel and Microsoft are now encrypting flash storages as well as basic input output software, unencrypted fingerprint sensors are among the few pathways left for hackers to exploit in order to gain access to work computers.
“Fingerprint identification will have breakages, as no security is perfect. We will continue to step up. Security is weighed against convenience. Somewhere in the middle is a happy medium,” he said.
2 out of 3 UK enterprises suffered data breach last year
Consumers failing to properly secure hackable Christmas gadgets
Hardware vulnerability leaves business PCs running Intel hardware open to hackers