Senator questions Samsung on fingerprint security
U.S. Sen. Al Franken (D-MN) has sent a letter to Samsung asking questions about privacy measures on the Galaxy S5 smartphone's fingerprint scanner.
As Franken pointed out, “Fingerprints are the opposite of secret. You leave them on countless objects that you touch throughout the day: your car door, a glass of water, even the screen of your smartphone. And unlike passwords, fingerprints cannot be changed. If hackers get hold of a digital copy of your fingerprint, they could use it to impersonate you for the rest of your life, particularly as more and more technologies start relying on fingerprint authentication.”
Franken suggested that the Galaxy S5 may present security concerns that Apple's Touch ID doesn’t. The Samsung device reportedly allows unlimited authentication attempts without requiring a password, and apparently any app can use the scanner.
In 13 questions presented to Samsung in the letter, Franken asked for details on how Samsung and third-party apps interact with the fingerprint scanner. He asked for information on where fingerprint data is stored (the cloud, for example) and backed up. He also asked whether fingerprint data can be extracted remotely from the device.
He asked several questions regarding American law, including whether fingerprint data constitutes the “contents” of a message, and is therefore not available to law enforcement without a warrant, or is equivalent to a “subscriber number or identity,” which law enforcement could obtain without a warrant.
Franken concluded his letter by noting, “I'm not trying to discourage adoption of fingerprint technology for consumer mobile devices. If adopted with strong safeguards, this technology could prove to be convenient and beneficial. Rather, my goal is to urge companies to deploy this technology in the most secure manner reasonable—and create a public record around how companies are treating sensitive biometric information.”
For the short term, I guess the message is, don't rely on fingerprint scanning alone to secure your devices.