hw6_security_Fingerprint recognition

 

Security

    ---- Fingerprint recognition

Security is the degree of resistance to or protection from harm. It applies to any vulnerable and/or valuable asset such as a person dwelling community item nation or organization.

Is Fingerprint recognition really safe?

Two years ago iPhone 5S opened the smartphone fingerprint era. Subsequently a large wave of Android fingerprint recognition mobile phones have emerged. And in the past two years with the industry chain manufacturers to fuel the threshold of fingerprint identification technology is gradually lower the terminal price is rapidly dropping. The original tall technology is only applied to the high-end flagship machine and now thousands of machines can also have the same function.

However when the fingerprint phone into the homes of ordinary people a problem that can not be ignored and immediately came: your fingerprint phone security?

Recently in the world of the black hat Conference (BlackHat) two Wei Tao Zhang Yulong Chinese from hackers found significant gaps in Android fingerprint recognition framework through this loophole they can easily bypass the fingerprint reader which can unlock the mobile phone screen should be installed or even transfer payment etc.. In addition they can directly copy the user's fingerprint information which will be a serious threat to the user's personal information and privacy security. It is reported that they broke the HTC One Max Samsung Galaxy S5 two models. However due to the vulnerability in the Android system level that is any Android phone equipped with fingerprint unlock will be threatened.

So has always been known for the safety of fingerprint identification technology why will frequently be cracked and to answer this question also need to start from the principle of fingerprint recognition technology.

At present the mainstream of the market in the application of smart phone fingerprint recognition technology has two kinds: press and sliding. They are basically based on the principle of capacitance sensor identification by fingers to form a capacitor pole and the other pole form micro sensor micro electric current passing through the human body and the capacitance sensor fingerprint peaks and troughs forming capacitance height difference and then describe the fingerprint image. Then using this image and the database fingerprint samples to match each other a fingerprint recognition process is completed.

Android mobile phone manufacturers in the protection of the fingerprint is the use of chip level security solutions TrustZone including Meizu's MX4 Pro HUAWEI's Mate 7 and other uses of the program. It is a kind of ARM can provide protection of sensitive information of the hardware security architecture system used for the mobile phone from the hardware and software is divided into security zone and common area two areas. The security zone belongs to the hardware encryption level so the third party cannot access the sensitive data. The hardware and software of the dual mechanism to complete the fingerprint identification technology security management.

But in fact there are a number of loopholes in this area encryption.

In the whole process of identification the matching process of fingerprint image needs to be realized by software and it provides the crack for hackers. However when the program appears software vulnerabilities hackers will be able to execute arbitrary code in the trusted area the TrustZone completely compromised. In August last year there is news that Qualcomm snapdragon series deal with the existence of TrustZone vulnerabilities. These vulnerabilities can be exploited by hackers to break the system level protection mechanism and access to user privacy information and even the completion of payment such as high authority action.

TrustZone is regarded as the last line of defense Anroid fingerprint mobile security but once broken fingerprint recognition will be useless. However the hackers are currently using software vulnerabilities to crack and when these vulnerabilities are discovered Google will immediately be blocked.

So Apple fans will ask how Touch ID Apple's security?

In the black hat conference hackers did not take the apple Touch ID they did not bypass the Touch ID can steal the user's fingerprint information it also reflects the iOS as a closed system in terms of security advantages.

But this does not mean that Touch ID absolute security. In fact only one day after the release of iPhone 5S Europe's largest hacker group ChaosComputerClub announced the break Touch ID. However for Touch ID crack is more than the use of fingerprint film in this way the only way to crack through the hardware and software rarely.

In terms of fingerprint security apple is the use of an independent design of the Secure Enclave module the module is also based on the ARM TrustZone technology which is equivalent to Apple customized a highly optimized TrustZone module. According to Apple's security manual description Secure Enclave is a single chip processor in the processing of Apple's custom when it will start the security information sequence code and software update mechanism specifically responsible for the operation of data protection and encryption. And only Secure Enclave to access the user's fingerprint information Apple Corp can not be learned will not spread to the above iCould. Apple will store the user's fingerprint information locally and not uploaded to the cloud which greatly reduces the possibility of being stolen.

Former Google security guru security expert Shuman Ghosemajumder said fingerprint scanning must be based only on the hardware the scanning process can not be activated by the software or the fingerprint information to the software. If the device can be activated by the software it can not avoid the risk of being attacked by malicious code. It can be seen that regardless of how Apple Touch ID to strengthen the protection of the hardware but the process of its fingerprint recognition software still need to cooperate which also makes it a certain security risk.

But in any case fingerprint recognition is still widely available and a high security encryption. And with the development of technology some new fingerprint identification technology began to appear such as Qualcomm has launched a black technology - Ultrasonic fingerprint identification.

Mobile phone is not the most convenient but not secure encryption but also the most convenient phone password security and the fingerprint is just in between the two in the convenience and security to find an easy to allow users to accept the balance point. In the mobile phone products even if there is a chance to break the fingerprint can not guarantee the investment and benefit of QieMi quite fingerprint recognition pushed up the cost and risk of theft.

That is to say the fingerprint recognition is the high cost of theft by pulling back rather than security but with the rise of mobile payment the fingerprint recognition is not only to protect the important information will also direct and personal property is closely related to the fingerprint recognition will be safe? As long as it is worth it will be cracked.

 

Reference:

http://www.21ic.com/chongdian/zhenxin/2015-09-24/642497.html

http://news.mydrivers.com/1/347/347229.htm