Fingerprint

Synaptics warns that fingerprint spoofing makes laptops vulnerable

In the wake of the WannaCry ransomware computer virus attack, here’s one more thing to worry about. The fingerprint identification systems that some modern laptops employ to recognize users can be easily compromised with a spoofing process.

Synaptics, which makes fingerprint identification sensors and touchpad technology, earlier this month issued a warning that some computer makers, seeking to save about 25 cents per machine, have chosen to use insecure smartphone fingerprint sensors instead of more secure laptop sensors, said Godfrey Cheng, vice president of product for the Santa Clara, Calif.-based company, in an interview with VentureBeat.

“Fingerprint identification has taken off because it is secure and convenient when it’s done right,” he said. “When it’s not secure all of the way through, then that’s an exposure that an attacker can exploit.”

The smartphone fingerprint sensors typically use unencrypted methods to store and send the fingerprint to a central processing unit (CPU) for processing. That makes the data vulnerable to snooping software and other hacks. Synaptics sensors, by contrast, use encryption and a secondary host processor to do the recognition work.

That encryption makes it a lot harder for hackers to copy the fingerprint and use it to unlock a computer remotely, Cheng said. Synaptics will demo the fingerprint insecurity at the Computex trade show in Taiwan this week.

The insecure fingerprint sensors are disturbing because modern laptop users are conditioned to believe that fingerprints are unique and are much safer than passwords. This is largely true, but a laptop manufacturer’s choice in sensors can potentially lead to the theft of your fingerprint image. That makes a user’s laptop secrets vulnerable, as well as those of an entire enterprise, if it’s a work computer.

“There are two types of fingerprint sensors in the notebook market today,” Cheng said. “Those that are encrypted and safe, and those that are unencrypted and unsafe.”

Cheng showed that thieves can use typical phishing methods to take control of your computer and can plant a software program to sniff out your fingerprint when you use the laptop’s fingerprint scanner. Once…

Futuristic New Mastercard Includes a Built-In Fingerprint Scanner

You can put down the pen and forget your PIN with Mastercard’s newest credit card. As The Verge reports, the company is testing out a credit card with a built-in fingerprint scanner that allows customers to authorize their payments with the swipe of a digit—no PIN or signature necessary.

The new Mastercard is just as slim as a regular one, and it works with all existing chip-and-PIN readers. To get one of the fancy new cards, you’ll need to register at a branch. Your fingerprint will then be converted into an encrypted digital template, which is stored on the card. To use the card, you’ll just dip it into a store’s card reader as normal. But instead of entering a PIN, you’ll be prompted to place a finger or thumb on the embedded sensor on the card’s top right corner in order to…