Having your biometric data stolen is a lot worse than having your password stolen for obvious reasons. You can’t change your fingerprints. We need to be really careful before we entrust our biometrics to large, networked databases because sooner or later they will be stolen.
This just happened – in a big way – to the Office of Personnel Management in the US. This is the agency that handles all government personnel data, including things like the security clearance documentation of those employees. That data is potentially very sensitive and could be exploited by blackmailers, which might be why the thieves (believed to be the Chinese) did it.
And if that wasn’t bad enough, the thieves also made off with the fingerprints of 5.6 million federal employees. As fingerprints gradually become more common as an authentication token, that data is going to become more and more valuable to criminals and spies. Don’t forget, people had fooled the iPhone fingerprint reader within days of it’s launch and have cracked others since. It’s an arms race and the hackers seem to be winning at the moment. Here are 7 ways to fool fingerprint scanners. On an episode of Mythbusters, Adam and Jamie managed to fool a sophisticated fingerprint reader by scanning a fingerprint, blowing it up to large size, drawing in the bits that were poorly rendered with a felt tip pen and then shrinking it down again. This is not high tech stuff.
If we’re going to use biometrics, they shouldn’t be stored on central servers; they should reside on our devices. They won’t be safe there, but they’ll be safer than on some server somewhere. For one thing, the attacker would need access to the device (and we increasingly have many of our devices with us at almost all times. More importantly, it’s just a lot less practical to go after individual phones when there’s a nice big list of fingerprints in a known location.
For what it’s worth, Apple does keep fingerprints on-device.