Is Biometric authentication on smartphones secure?
No answer is universally correct but here’s two use-cases so you can pick which is more appropriate for you.
- you’re on the train and there are baddies looking for victims. It’s fairly easy for them to eavesdrop your PIN and then steal your phone, get in and sell your personal data & passwords.
- On the other hand - if FBI needs to get a PIN to a locked phone, they may call an Israeli high-security start-up, pay tens of thousands of dollars to unlock it.
- back on the train - it would be pretty hard and risky for low-skilled baddies to unlock your phone without using some hackers to get a printout of your fingerprint, invert it, create a latex film …
- FBI will have no problem whatsoever, to get your fingerprint, create a latex copy and unlock the phone.
PIN attacks have zero initial costs and can be instant. Fingerprint attacks will costs hundreds of dollars and some time. So the question is what is the pay-off and what the bad guys are after. :)