Is biometric authentication really safe?

It has long been routine for many smartphone users to move their fingers over the surface or press their thumb on the round field. The screen is unlocked. Owners of newer devices can also look into a 3D camera, in which a sensor detects the eye or the whole face. Fingerprint Scan or Face Detection – such biometric authentication systems are handy. Among other things, they ensure that consumers no longer have to remember a hundred PINs and passwords, which are often easy to circumvent.

More security through 3D images

Biometric sensors are getting better and better. The Munich-based chip manufacturer Infineon, for example, uses sensors with the so-called time-of-flight technology (ToF) in the new smartphones from the manufacturer LG. A camera captures infrared light that is emitted by a transmitter and reflected by the scanned object. The light can penetrate the blood vessels in the hand and is reflected by the hemoglobin in the blood. The sensor creates a unique “map” of the hand that unlocks the smartphone. According to LG, this method is supposed to be even safer than Apple’s FaceID technology, which also creates a 3D image of the face using infrared light. With a simple 2D photo of the owner, the smartphone can no longer crack.

Why nobody needs the air gesture control of the new LG G8

“Simple systems such as 2D cameras or fingerprint sensors could be outsmarted,” says Peter Laackmann, security strategist for digital security solutions at the Munich-based chip manufacturer Infineon. “Newer methods such as the three-dimensional face recognition offer much greater security.” But one hundred percent can guarantee this with no system.

It was not until the end of last year that hackers at the Chaos Computer Club (CCC) tricked out a sensor that could detect and assign the vein structure under the hand, even if experts had considered it an outdated device that was not up to date Technology was.


Samsung Galaxy S9

✔Stunning picture quality
✔ Designed for the hand
✔Locking by face and iris recognition

Authentication when paying

Nevertheless, biometric authentication methods are becoming more and more popular in Germany too, because they promise comfort and security. Nearly 90 percent of Germans would authorize cashless payments by fingerprint, the digital association Bitkom has determined in a survey a few days ago. “In the previous year, there were only 80 percent,” said the association. And these procedures have arrived in reality. Payment processes such as Apple Pay, Google Pay or in banking apps have long been on a biometric release of transactions.

It is also an important growth area for industry. The same sensors that companies such as Osram and Infineon are developing for autonomous driving, among others, are increasingly being used for biometric procedures in smartphones or laptops. Specialized market research firm Acuity Market Intelligence estimates that global biometric mobile application revenues will nearly double from currently $ 26 billion by 2022. This includes sales of hardware and software.

So you’ll never forget your passwords again soon

And the sensors can measure more than fingerprints, faces and eyes. For a long time, they have also identified people by their gait or their movements. In the meantime, said venous scanners also recognize whether blood is flowing through these veins or whether someone is holding out a lifeless hand dummy for them. “All physical characteristics have been researched and at least tentatively recorded,” says Florian Kirchbuchner, Head of Smart Living & Biometric Technologies at the Fraunhofer Institute for Computer Graphics Research (IGD) in Darmstadt.

In this way, ideally, people can be clearly identified. Employees of a company, for example, who, once recognized in the corridor, gain access to their workplace. The advancing technical safety can be further increased by combining different processes.

Protection of sensitive data

But the resulting data is sensitive. “With the movement patterns gained in this way, it is also possible to draw conclusions about our behavior, our preferences, or even our emotions,” says Kirchbuchner. Especially when such techniques are installed in the home – whether for protection against burglars, or for medical purposes, such as the monitoring of dependent residents.


Apple iPhone XR

✔Cable charging (with Qi chargers)
✔Face ID for secure authentication
✔Water and dust protection

The protection of these data must be guaranteed, says Kirchbuchner. An important measure is, for example, not to store raw data, so no photos or audio recordings of the vote. For example, Apple does not store fingerprint images on its “TouchID” system, only mathematical representations of it. An actual fingerprint can not be derived from this data. Even if the data were hacked, it would not be possible to identify the user.

These measures should further increase the acceptance of biometric procedures. The hardware is available. In the development of the software, however, says Kirchbuchner, research and industry still face great challenges. Detection algorithms and, of course, security have to be constantly evolving. Good news for the industry.