
Fingerprints on Mobile Devices: Abusing and Leaking [pdf] - ghosh
https://www.blackhat.com/docs/us-15/materials/us-15-Zhang-Fingerprints-On-Mobile-Devices-Abusing-And-Leaking-wp.pdf
======
chmike
Fingerprints are really a bad authentication tool.

~~~
Albuca
Well, yes and no. In the grand scheme of things, sure, there are more
effective and secure methods of authentication. But like anything, you have to
weigh security vs. usability. If you make things too secure (read: complex)
then users won't use it.

There is also a huge difference between the $15 fingerprint reader you buy off
of Amazon, and the "professional" scanner found in enterprise/secure devices
(which in my experience, consist of a high resolution camera combined with
software that detects (and looks for) movement of the finger on the scanner,
"flattening" of the finger as it's placed on the glass, among other things).

Further, there is the inherent need for someone (user or malicious person) to
be on-site to present the biometric, as opposed to 'remote' access using a
username/password combination.

Like anything however, you also need to protect the core infrastructure, as
well as the end-user interface. All authentication methods are useless if
someone has direct access to the authentication server.

Just my $0.02

