What is so surprising about the revelation that fingerprint scanners on Android devices are vulnerable to hackers is that people are surprised about it.
The irreconcilable flaws in using biometrics were exposed years ago when Tony Blair’s despotic regime was trying to introduce biometric ID cards and more recently in the context of mobile devices, by how unbelievably easy it was to lift a fingerprint off the scanner of an iPhone which could be used over and over again.
You see, the main problem with using fingerprints is that you have to physically touch the scanner glass and that leaves a residue that can be lifted using a piece of plastic film and turned into as many copies of your fingerprint as you want. Whilst the physical method of cloning fingerprints is the simplest it can’t really be done on an industrial scale so the real vulnerability is a man in the middle attack which intercepts the digital encoding of your fingerprint and provides that to the system comparing it to the one on file rather than a physical scan of a finger.
As mobster John Dillinger found out over 80 years ago, you can’t obliterate or alter your fingerprints and the only way to stop them growing back as your skin heals is to graft skin from elsewhere on your body. If hackers manage to get a digital copy of your fingerprint, what are you going to do? Or your iris scans or DNA? You can’t change your biometric data so once it’s compromised it’s personally compromised.
My current mobile phone (Samsung Galaxy S5) is listed amongst the devices that had a vulnerability with its fingerprint scanner. It’s been patched apparently but that was never a problem for me because I refused to set up the fingerprint scanner. I pledged to refuse to hand over my biometrics to the British government back in 2006 so why would I hand them over to the company that makes my mobile phone, Google and anyone else who has access to the fingerprint database?
The best way to keep your biometrics safe is not to give them away in the first place.