In the past few years, we've seen a growing number of devices that support fingerprint readers for device authentication purposes. Apple added a fingerprint sensor to its phone starting with the iPhone 5S, and now that Android M will support fingerprint sensors natively, we're about to see a much bigger adoption in fingerprint sensors for Android smartphones, as well.
Synaptics, the company that gave the Galaxy S5 its swipe "Match-on-Host" fingerprint sensor, announced a new "Match-in-Sensor" solution that should drastically improve the security of fingerprint authentication.
This solution contains its own processor and storage so the fingerprint data doesn't need to leave the Match-in-Sensor at all. It also doesn't need to interact with the host OS and processor, which is typically a vector that could expose it to malware attacks.
Ritu Favre, senior vice president and general manager, Biometric Products Division at Synaptics, gave Tom's Hardware a few more details about how the fingerprint data is protected inside the isolated sensor, so that even if someone steals your device, they can't get your fingerprint data.
“The literal fingerprint image is not stored in the sensor, or anywhere else," she said. "A template of the fingerprint, which is an abstract representation based on the features of the fingerprint that are used by the matching algorithms to determine a match score, are stored in secure memory on the fingerprint sensor module."
In regard to host OS-to-sensor module communication, she added:
“The fingerprint data--the templates and images--are not communicated with the OS. This helps increase resistance to hacking. What is communicated between the sensor and host, via encrypted channels, is the match score. A higher score indicates a closer match to the template, a lower score indicated a poor match."
The company's previous solution, Match-on-Host, along with all of the other smartphone fingerprint readers on the market (including Apple's Touch ID and Qualcomm's upcoming Sense ID solution) kept the fingerprint data in an isolated domain, which still lives on the host processor. Although this solution should be relatively secure by today's standards, it's still far from impenetrable. Malware that has escaped sandboxes, VMs and other types of "secure domains" have existed before and will likely continue to exist, even if they are usually quite rare.
Keeping the fingerprint data completely separated from the host processor and OS should decrease the attack surface by a significant margin. As the mobile industry moves to supporting fingerprint authentication for more sensitive information such as mobile payments, logging into third party websites, and so on, this data will become increasingly more valuable to attackers. That's why it's probably wise that all fingerprint sensor makers move to adopting a solution similar to Synaptics' Match-in-Sensor.
As this sort of solution will need its own storage and SoC, it's likely to cost more, but the increased value it offers in security should more than make up for the expense. Most smartphone users would probably be happy to pay a few extra dollars for their devices if it means their credit card data is much more secure. Therefore, it will be up to device makers to start believing the same thing and demand similar physically isolated sensor modules from their fingerprint reader suppliers.
At the same time, security is not the only factor that users will appreciate. A fast and accurate response from the fingerprint sensor is still quite important if it is to be used at all by smartphone owners. Swipe sensors, such as the Synaptics sensors, have historically not been as good as touch sensors (such as Touch ID or the Galaxy S6's sensor) in regard to this issue.
Synaptics said that its sensor has a False Rejection Rate (FRR) of 3 percent and a False Acceptance Rate of 1 in 50,000, which in theory looks quite good, but it remains to be seen how it will work in practice.
There are also other types of innovations that are worth considering, such as moving to ultrasonics-based fingerprint sensors, which would allow for a decreased response time in different conditions (dirty, wet or oily fingers). It would also enable smartphone makers to put the sensor completely behind a smartphone's screen and obviate a physical home button, as that either wastes bezel space or is too small to be sufficiently accurate.
Ultrasonic fingerprint sensors also promise to scan a better "3D" model of the fingerprint than touch or swipe sensors. This makes it much harder to use a "spoofed" fingerprint against it.
Synaptics' completely isolated Match-in-Sensor introduces a novel security solution in the fingerprint reader market, which should be adopted by other companies as soon as possible. At the same time, Synaptics, as well as other fingerprint sensor makers, will need to adopt new ideas from competitors that make fingerprint sensors easier to use and better protect against spoofing, too.