Al Franken might be a Senator from Minnesota, but most of you might remember him from his days as a Saturday Night Live funnyman. Or perhaps the mere mention of his name brings to mind the gorilla trainer role he had in the Eddie Murphy-Dan Akroyd film Trading Places
. Now a politician, Franken seems to have a thing about fingerprint scanners. When the Apple iPhone 5s
rolled out with Touch ID last September, Franken wanted to hear more from Apple about whether the fingerprints obtained by the iPhone are stored by Apple.
Now, it is Samsung's turn to face the wrath of Franken. In a letter written to the company abut the fingerprint scanner on the Samsung Galaxy S5
, the Senator asks a number of questions about where the fingerprint data will be stored, and if third parties will have the opportunity to (pardon the pun) get their hands on this information. Franken also points out the difference between Touch ID and Sammy's biometric feature. While Touch ID allows five failed attempts before a password prompt appears, Samsung's fingerprint scanner allows for unlimited attempts.
Franken also points out that while Touch ID is used to unlock an iPhone and open certain Apple apps, the Galaxy S5 scanner can be used in lieu of a password. That means that a hacker might be able to steal your identity and secure a Pay Pal transfer to his account by using your hijacked fingerprint data.
"Fingerprints are the opposite of secret. You leave them on countless objects that you touch throughout the day: your car door, a glass of water, even the screen of your smartphone. And unlike passwords, fingerprints cannot be changed. If hackers get hold of a digital copy of your fingerprint, they could use it to impersonate you for the rest of your life, particularly as more and more technologies start relying on fingerprint authentication...Initial reports also suggest that the Galaxy S5 may raise security concerns that Touch ID does not. The Galaxy S5 fingerprint scanner reportedly allows for unlimited authentication attempts without a password prompt, whereas Apple's Touch ID requires a password after only five failed attempts. Furthermore, while Touch ID can be used only to unlock a device and to access certain tightly monitored Apple apps, Galaxy S5 appears to allow any app to use the fingerprint scanner instead of a password. This means that you can use the Galaxy S5 fingerprint scanner to send money on PayPal and access your password app; unfortunately, it likely means that bad actors who spoof your fingerprints can do that, too. This broader access to the scanner could potentially allow third parties to access sensitive information generated by the technology."-Senator Al Franken, Minnesota
The Senator wants to know what Samsung's future plans are for the biometric security feature, and wants Samsung to assure that it won't do anything improper with information generated by the fingerprint scanner. If you read through Franken's letter (you can read it in its entirety on Franken's U.S. Senate website) you get the feeling that this is a serious matter for him. Identity fraud is nothing to joke about.
(Al Franken) via AndroidCentral