May 30, 2017 -
Synaptics executive Godfrey Cheng discussed in a recent blog post the importance of encrypted fingerprint sensors and how using a device that does not have this component could result in the theft of your fingerprint image, which could potentially lead to the breach of all your devices.
Cheng, vice president of marketing, writes that using a notebook with an unencrypted sensor makes you more vulnerable to having your fingerprint image and master-key stolen.
Would-be thieves can potentially create spoofs or print fake images of your fingerprint with an inkjet printer to gain access to the notebook as well as all the personal texts and photos stored on your phone.
Cheng explains that a thief can also gain access to your notebook at any time through a replay attack, which allows the perpetrator to use the stolen fingerprint image to inject or replay the image back into the computer.
Upon unlocking the computer remotely, the thief would have full access to the device’s data and all its corporate network access services.
The attack can also be expanded to power control circuitry, which would allow a thief to power on the system remotely and turn it off without the knowledge of the owner.
In order to prevent these attacks from occurring, Cheng recommends that consumers use encrypted fingerprint sensors, such as the SentryPoint suite of security features for Synaptics’ fingerprint sensors. The security features are backed by SecureLink, which enables a strong TLS 1.2 / AES-256 encryption from the sensor to host.
In addition, Synaptics’ PurePrint technologies can detect real fingers and spoofs. Through its modular software architecture, Synaptics is able to update its PurePrint drivers to include new threats as they emerge.
The company’s Match-in-Sensor technology ensures that the fingerprint template is securely matched on the sensor silicon itself, which “limits the data transfer to the host as a simple yes/no communication” as well as encrypts the match result.