•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Smartphone fingerprint authentication is often presented as a convenient and secure way to unlock devices. However, cybersecurity experts warn that fingerprints can be captured and misused, and that once biometric data are leaked, users cannot simply “change” them like a password.
According to Yahoo News, Zhang Wei, deputy director of the Shanghai Information Security Trade Association, warned that fingerprints can be exposed in ways many people do not expect. He said a person’s fingerprint can be captured from photos and used by criminals.
Mr. Zhang pointed to a common social-media habit: a V-shaped hand pose that shows the index and middle fingers. He warned that people using this pose should not post such images online if the camera is within 3 meters. He added that as camera quality improves, criminals can create a fingerprint model from images and use it to bypass fingerprint authentication systems.
Cybersecurity expert Dr. Aim Sinpeng of the University of Sydney told Yahoo News Australia that while she has not heard of such threats in Australia, the scenario could occur. Dr. Sinpeng noted that these concerns were also reported by the South China Morning Post.
Fingerprints are also left on everyday objects, including door handles, railings, cups and glasses, keyboards, and screens. That creates multiple opportunities for hackers to collect fingerprint data.
The Chaos Computer Club has demonstrated related risks since 2008. The group used a photo to recreate a user’s fingerprint, and in 2013 it used rubber to create a fake finger to unlock a device. More recently, similar methods have been repeated using modeling clay and Elmer’s glue, showing how easily physical fingerprints can be reproduced.
At Black Hat 2015 in Las Vegas, security experts demonstrated multiple ways to compromise fingerprint locks. They created an app that imitates a phone’s unlock screen; when the victim uses it, the app can approve financial transactions. They also preloaded fingerprints on a phone to gain access, showed that reconstructing fingerprints from the file used to store them is relatively easy, and demonstrated hacking the fingerprint reader itself to retrieve fingerprint images at will.
Fingerprints are permanent. Once criminals obtain them, they can continue to use them or sell them to other criminals. This risk is heightened when many organizations collect fingerprints for authentication purposes.
While fingerprint unlocking is often viewed as safe because each person’s fingerprint is unique, experts caution that it does not guarantee absolute security. They also note that fingerprint data are stored in a special module on the mobile device, designed so only the rightful owner can access it for security reasons.
Even so, fingerprint unlocking is described as less secure than unlocking with a numeric password. The article notes that while a phone is sleeping and left on a table, someone could still unlock it using the user’s fingerprint.
Premium gym chains are entering a “golden era” that is ending or already in decline, as rising operating costs collide with shifting consumer preferences toward more flexible, community-based ways to exercise. Long-term memberships are shrinking, margins are pressured by higher rents and facility expenses, and competition from smaller, more personalized…
