Quantity vs quality
Today, Apple puts Touch ID sensors in almost all of its devices (with the exception of the iPod Touch line), while manufacturers of Android smartphones gained access to the necessary API only with the release of Android 6.0, which now runs on about 15% of devices. Let's find out how secure fingerprint authentication is and whether it makes practical sense to use it.
Following historical order, we'll start with Apple.
Touch ID and Secure Enclave: a sweet couple
Apple, which was already paying attention to data security at the time, once faced a problem: most users did not want to protect their devices in any way. Enter a PIN code to unlock your phone? Too slow and inconvenient. After looking at the situation, Apple decided not to force people to use lock codes, but to simplify the unlocking process as much as possible. The main idea of Touch ID is not to make your particular device safer. The idea is to make security convenient and attractive enough for the majority of users. And the company has achieved its goal.
Touch ID is a unique hardware and software system, and the word "unique" here is not marketing: each sensor is configured to work with a specific device during production. Remember the "error 53" scandal? It was this feature that became the stumbling block, disabling devices whose fingerprint sensor had been replaced in a makeshift repair.
Where are your fingerprints stored?
It would seem obvious that fingerprint data should be stored only as the output of a one-way hash function, but it only seems so: the developers of the HTC One Max decided that fingerprints can be stored as pictures in the most ordinary folder in the device's memory. Whatever the HTC developers were thinking, Apple's engineers did not make that mistake: the scanned fingerprint is passed through a hash function and stored in the Secure Enclave, a microcomputer protected from external access. Note separately that this data does not get into iCloud and is not transmitted to the company's servers.
Interestingly, even the one-way fingerprint hashes are encrypted, with the encryption keys calculated at device boot time from a unique hardware key (which is also stored inside the Secure Enclave and cannot be extracted from it) and the lock code that the user enters. Decrypted fingerprint data is kept only in the device's RAM and is never saved to disk. In addition, the system occasionally deletes fingerprint data even from RAM, forcing the user to log in with the lock code (which, as a reminder, lets the system decrypt the fingerprint data and resume operation of the Touch ID sensor).
When and why does iOS delete fingerprint data from RAM?
Perhaps the most interesting thing about the iOS security system is the question of when exactly iOS deletes fingerprint data from the device's RAM and forces the user to log in again with the unlock code. But first, let's think about why Apple needed to remove fingerprints periodically at all.
The company is well aware (and understood three years ago) that any biometric system can be deceived. Yes, Apple has developed excellent fingerprint scanners, which are not as easy to get around as the sensor of, for example, the Samsung Galaxy S5. But it can still be done. In the end, the owner can be forced to put a finger on the sensor to unlock the phone, but under the American legal system this requires a warrant, which takes time to get... after which the phone will delete fingerprint data from memory and will not allow the device to be unlocked by fingerprint.
Does that sound like a stretch? Does it smack of conspiracy theory? No, it's just that Apple really didn't like the attempted pressure from law enforcement agencies, in response to which it introduced this measure: Apple adds another rule forcing iPhone and iPad users to employ a passcode to unlock their device.
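But let's not get distracted, and look carefully at the conditions under which the system blocks Touch ID and forces you to log in with the lock code. The Touch ID sensor is turned off and fingerprint data is deleted from the device's memory if any of the following conditions is met:
- the phone is turned off or restarted;
- the user adds data from another finger;
- the phone receives a remote lock command via Find My iPhone;
- there were five consecutive unsuccessful fingerprint unlock attempts;
- the device has not been unlocked for two days;
- anti-police: more than six days have passed since the lock code was last entered, and the device has not been unlocked by the Touch ID sensor in the last eight hours.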
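The expiry rules above, together with the key handling described in the previous section, can be modelled as a small state machine. This is an added example, not Apple's code: the class and method names are hypothetical, and PBKDF2 stands in for the real key derivation, which the article does not describe.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

MAX_FAILED = 5                        # five consecutive failed touches
IDLE_LIMIT = timedelta(hours=48)      # device not unlocked for two days
PASSCODE_AGE = timedelta(days=6)      # more than six days since the lock code ...
TOUCH_IDLE = timedelta(hours=8)       # ... and no fingerprint unlock for eight hours


@dataclass
class EnclaveModel:
    """Toy state machine for the expiry rules; not Apple's implementation."""
    hw_key: bytes                             # constructed stand-in for the hardware key
    template_key: Optional[bytes] = None      # RAM only; None means "lock code required"
    last_passcode: Optional[datetime] = None
    last_unlock: Optional[datetime] = None
    last_touch_unlock: Optional[datetime] = None
    failed_touches: int = 0

    def enter_passcode(self, passcode: str, now: datetime) -> None:
        # Assumption: PBKDF2 replaces the real derivation. What matters is that
        # the key needs BOTH the hardware key and the lock code. Verifying the
        # lock code itself is outside this model.
        self.template_key = hashlib.pbkdf2_hmac(
            "sha256", passcode.encode(), self.hw_key, 10_000)
        self.last_passcode = self.last_unlock = now
        self.last_touch_unlock = None
        self.failed_touches = 0

    def wipe(self) -> None:
        """Drop the decrypted template key from RAM."""
        self.template_key = None

    # Events that wipe immediately: power cycle, new finger enrolled, remote lock.
    reboot = enroll_finger = remote_lock = wipe

    def expiry_reason(self, now: datetime) -> Optional[str]:
        """Return why fingerprint unlock is unavailable, or None if it is allowed."""
        if self.template_key is None:
            return "lock code required"
        if self.failed_touches >= MAX_FAILED:
            return "five failed attempts"
        if now - self.last_unlock >= IDLE_LIMIT:
            return "not unlocked for two days"
        last_touch = self.last_touch_unlock or self.last_passcode
        if now - self.last_passcode > PASSCODE_AGE and now - last_touch >= TOUCH_IDLE:
            return "lock code older than six days, no fingerprint unlock for eight hours"
        return None

    def touch(self, finger_matches: bool, now: datetime) -> bool:
        """One touch of the sensor; True only if the device unlocks."""
        if self.expiry_reason(now) is not None:
            self.wipe()                       # expired data is removed, not just ignored
            return False
        if not finger_matches:
            self.failed_touches += 1
            if self.failed_touches >= MAX_FAILED:
                self.wipe()
            return False
        self.failed_touches = 0
        self.last_unlock = self.last_touch_unlock = now
        return True


if __name__ == "__main__":
    t0 = datetime(2016, 1, 1, 9, 0)           # constructed timeline
    dev = EnclaveModel(hw_key=b"constructed-hardware-key")
    dev.enter_passcode("1234", t0)
    print(dev.touch(True, t0 + timedelta(hours=1)))    # within all limits
    print(dev.touch(True, t0 + timedelta(hours=50)))   # 49 h since the last unlock
    print(dev.expiry_reason(t0 + timedelta(hours=51)))
```

Once any rule fires, a matching finger is no longer enough: only `enter_passcode` restores the key.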
How to bypass the fingerprint scanner
As for hacking Touch ID, deceiving the sensor is difficult, but possible. To deceive modern sensors, you will have to create a three-dimensional model of the finger, and from the right material. On older devices (iPhone 5s, iPad mini 3), bypassing the sensor is noticeably easier. For example, a team of German hackers was able to deceive the iPhone 5s sensor two days after the device entered the market, simply by printing out the original fingerprint at a resolution of 2400 dpi.
But before you start modeling the fingerprint, you need to take care of the safety of the data on the device, and make sure that the fingerprint data does not have time to "rot".
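You need to act precisely and quickly: you don't have much time.
- So, you got your hands on a phone in an unknown state. Don't touch the Touch ID button! If the phone is locked (and it most likely is), you will waste one attempt out of five. Check the device status by briefly pressing the power button.
- If the device is locked, isolate it from external radio networks by placing it in a Faraday cage (at home, an ordinary microwave oven will do. A switched-off microwave!). Don't forget to keep it charging, even if an external battery has to do the job. All this is done to protect the device from commands sent via the Find My iPhone protocol, which can both remotely lock the device and destroy its contents. (Do you think these measures are obvious? Not at all! There are at least two well-publicized cases in which police allowed data to be remotely destroyed on devices that had already been confiscated.)
- But if the device is unlocked, it is in your power to keep it from locking the screen. To do this, simply disable auto-lock (unlike removing the lock code, disabling auto-lock does not require entering any code).
- If the device was locked, you have a maximum of 48 hours (actually less) to try to trick the fingerprint sensor.
- Please note: all manipulations with the device must be carried out exclusively in an environment shielded from radio waves (Wi-Fi and cellular networks). A couple of seconds are enough for Find My iPhone to kick in.
- If you managed to trick the fingerprint sensor, disable the automatic screen lock (see point 3). Keep in mind that attempts to add another fingerprint in the settings or to change the lock code will not work: for these operations, the system will always require the code.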
How to use it?
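Let's say you managed to trick the fingerprint sensor. What's next? iOS is a closed system, and all of the device's memory will be encrypted. Options?
- Installing a jailbreak: no. To jailbreak a 64-bit iPhone or iPad, you will need to enter the lock code anyway (and in some cases, disable the lock code in the settings).
- Physical data extraction: you can try. If a jailbreak is already installed, you can extract most of the data, but you can't decrypt the keychain. If there is no jailbreak, nothing can be done: you will need the lock code to install one.
- iCloud: maybe. Once you unlock the device, you can force it to save a fresh backup to iCloud (Settings -> iCloud -> Backup -> Backup now). Remember, however, that to extract this data from the cloud you will need the Apple ID password and, if two-factor authentication is activated on the account, access to the second factor (which, however, can be the device under study). Important point: you will have to connect the device to Wi-Fi, and as a result, instead of making a backup, the device may receive a command to lock itself or destroy its data.
- But if it is not installed, be sure to install your own! The simplest 123 will be quite enough. You can extract all the data from a password-encrypted backup, and all the data except the keychain from an unencrypted one. Since the keychain stores all the most interesting things, it is very useful to set a temporary password before making a backup.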
Result
Apple was able to create a complete and very successful protection scheme on the first attempt. The fingerprint sensor fits well into the overall concept. This protection cannot be bypassed in software, the hacker has very little time for any attempt to deceive the sensor, and the result on new devices is not guaranteed. Clearly, the company has achieved its goal.
Fingerprints and Android
Let's move on to fingerprint authentication in devices running Android. Having analyzed Apple's very successful implementation, let's take a close look at the state of affairs in the competitors' camp.
Google Android 4.x-5.1.1: everything is very sad
The first devices with built-in fingerprint sensors began to appear quite a long time ago, back in the days of Android 4.4. Today there are already a lot of them: Samsung Galaxy S5, S6, S7, Motorola Moto Z, Sony Xperia Z5, LG G5, Huawei Ascend Mate 7 and its successors, Meizu Pro 5, and that is not all. But not every device uses the fingerprint sensor correctly. This is primarily because, up to Android 6.0, the system had no universal API for fingerprint authentication. If there is no API, there are no formal Compatibility Definition requirements and, accordingly, no certification from Google.
In the complete absence of external control, manufacturers built things you wouldn't see in your worst nightmare. For example, the developers of the HTC One Max apparently passed the "Android in 21 days" course as external students and implemented a wonderful system that stores full copies of fingerprints in a publicly accessible directory in an uncompressed (let alone encrypted) format. Instructions on how to "hack" this system are hardly needed. Let me just clarify that the data is stored in the file /data/dbgraw.bmp, and for your convenience the access permission is set to 0666.
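A defensive check for this class of mistake, as an added example that is not from the original article or from HTC: it walks a directory tree, flags image files that any local user can read or write, and shows a 0666 write next to an owner-only one. The function names and the sample bytes are constructed for illustration.

```python
import os
import stat

# First two bytes of common raster formats; a raw sensor dump such as a .bmp
# starts with b"BM".
IMAGE_MAGIC = {b"BM": "bmp", b"\x89P": "png", b"\xff\xd8": "jpeg"}

# Constructed sample: a BMP signature followed by zero padding, not a real image.
CONSTRUCTED_BMP = b"BM" + bytes(52)


def write_world_accessible(path, data):
    """The mistake: sensor output left in a file with mode 0666."""
    with open(path, "wb") as fh:
        fh.write(data)
    os.chmod(path, 0o666)      # every local app and user can read and modify it


def write_private(path, data):
    """Owner-only file, created atomically so no wider mode ever exists.
    Storing a raw fingerprint image at all is still the wrong design; this
    only shows the permission difference."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)


def audit_world_accessible_images(root):
    """Return sorted [(path, octal mode, kind)] for image files under root
    whose mode grants read or write access to 'other'."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)            # do not follow symlinks
            except OSError:
                continue
            if not stat.S_ISREG(st.st_mode):
                continue
            if not st.st_mode & (stat.S_IROTH | stat.S_IWOTH):
                continue
            try:
                with open(path, "rb") as fh:
                    kind = IMAGE_MAGIC.get(fh.read(2))
            except OSError:
                continue
            if kind:
                mode = oct(stat.S_IMODE(st.st_mode))
                findings.append((path, mode, kind))
    return sorted(findings)


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as root:
        write_world_accessible(os.path.join(root, "dbgraw.bmp"), CONSTRUCTED_BMP)
        write_private(os.path.join(root, "private.bin"), CONSTRUCTED_BMP)
        for finding in audit_world_accessible_images(root):
            print(finding)
```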
This is not an isolated example. The Samsung Galaxy S5 came out with Android 4.4 on board. Soon, hackers managed to gain access to the fingerprint scanner and successfully bypass the protection.
Before the release of the sixth version of Android, manufacturers managed to release a lot of devices in which fingerprint sensors were integrated incompetently. It's not even interesting to break them, everything is so depressing there. Clearly, Google could not tolerate such a situation for long. And it didn't.
Android 6.0: Fingerprint API and Nexus Imprint
With the release of Android 6.0, Google not only developed its own API for fingerprint authentication, but also updated the Compatibility Definition Document, which all manufacturers who want to certify their devices for installing Google services must follow (this is a very important point, more on it later).
Two reference devices were released at once: the Nexus 5X and the Nexus 6P. They feature both encryption of the data partition that cannot be disabled and a correct implementation of fingerprint sensors, called Nexus Imprint.
So, what does Google require from manufacturers to obtain a certificate of compliance? Unlike the situation with mandatory encryption in Android 5.0, this time the list of requirements leaves no room for ambiguous interpretation. Let's translate an excerpt from the official document.
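7.3.10. Fingerprint Sensor
For devices that can use a screen lock, we RECOMMEND using a fingerprint sensor. Requirements for devices equipped with such a sensor and providing API access to third-party developers:
- Be SURE to declare support for android.hardware.fingerprint.
- A full implementation of the fingerprint API as described in the Android SDK documentation is REQUIRED [Resources, 95].
- It is MANDATORY to have a false-positive rate of less than 0.002%.
- We STRONGLY RECOMMEND a false-negative rate of less than 10% and a response delay of less than 1 second (for 1 saved fingerprint).
- Be SURE to rate-limit attempts with a 30-second delay after 5 failed attempts.
- It is MANDATORY to have hardware-based secure storage, and fingerprint verification must be performed exclusively in the Trusted Execution Environment (TEE) or on a dedicated processor with a secure communication channel to the TEE. (This is where the Samsung S5 got burned: it had a problem with the secure communication channel.)
- It is MANDATORY to encrypt fingerprint data in such a way that it cannot be accessed outside the Trusted Execution Environment (TEE), according to the Android Open Source Project [Resources, 96].
- It is MANDATORY not to allow fingerprints to be added without establishing a chain of trust (the user must add or verify a PIN / pattern / password via the TEE, according to Android Open Source).
- PREVENT third-party apps from distinguishing between individual fingerprints.
- MAKE sure to handle the DevicePolicyManager.KEYGUARD_DISABLE_FINGERPRINT flag correctly.
- ALL the REQUIREMENTS DESCRIBED ABOVE are MANDATORY when upgrading to Android 6.0, and fingerprint data must either be migrated securely or reset.
- It is ADVISABLE to use the Android Fingerprint icon from the Android Open Source Project.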
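To see what the 0.002% and 5-attempts/30-seconds figures buy in combination, the following added example (not from the Compatibility Definition Document or from Google) implements the throttle and computes the chance of at least one false accept over a time window. It assumes that the failure counter restarts after each lockout, that each attempt takes one second, and that attempts are independent; all names are hypothetical.

```python
from dataclasses import dataclass

FAR = 0.00002        # 0.002 %: the false-positive ceiling from the list above
MAX_FAILS = 5        # failed attempts before the delay applies
LOCKOUT_S = 30.0     # length of the delay in seconds


@dataclass
class Throttle:
    """Refuse attempts for LOCKOUT_S seconds after MAX_FAILS consecutive failures.
    Assumption: the counter restarts once a lockout has been imposed."""
    fails: int = 0
    locked_until: float = 0.0

    def allowed(self, now: float) -> bool:
        return now >= self.locked_until

    def record(self, matched: bool, now: float) -> None:
        if matched:
            self.fails = 0
            return
        self.fails += 1
        if self.fails >= MAX_FAILS:
            self.locked_until = now + LOCKOUT_S
            self.fails = 0


def failed_attempts_admitted(window_s: float, attempt_s: float = 1.0) -> int:
    """Count the non-matching attempts the throttle lets through in window_s
    seconds when an attempt is made as soon as one is allowed.
    attempt_s is the assumed duration of one attempt (1 s, the recommended
    response-delay ceiling)."""
    throttle, now, count = Throttle(), 0.0, 0
    while True:
        if not throttle.allowed(now):
            now = throttle.locked_until      # wait out the lockout
        if now + attempt_s > window_s:
            return count
        now += attempt_s
        throttle.record(False, now)
        count += 1


def p_false_accept(attempts: int, far: float = FAR) -> float:
    """Probability of at least one false accept in `attempts` independent tries."""
    return 1.0 - (1.0 - far) ** attempts


if __name__ == "__main__":
    day = 24 * 60 * 60
    n = failed_attempts_admitted(day)
    print("attempts admitted in 24 h:", n)
    print("P(false accept), throttled:   %.3f" % p_false_accept(n))
    print("P(false accept), no throttle: %.3f" % p_false_accept(day))
```

Under these assumptions the throttle admits 12345 attempts in 24 hours, which leaves roughly a 22% chance of a false accept at the maximum permitted rate, against about 82% with no throttle at all. A short expiry window for fingerprint unlock, as in the Touch ID rules, bounds this further.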
Another part of the document requires encryption to be enabled when a secure screen lock (including a fingerprint sensor) is used. As you can see, in theory things are not bad. What about in practice?
Android Smart Lock
In practice, Android still has a number of gaping security holes that make it possible to bypass all these fingerprints and passwords at once. One of these holes is Android Smart Lock, which automatically unlocks the phone when certain external factors coincide. For example, many users allow automatic unlocking at home, forgetting that positioning accuracy is far from perfect and that the phone's concept of "home" will cover an 80-meter radius. Many people activate unlocking with a trusted Bluetooth device or enable pseudo-biometric unlocking based on a face image (which is quite easy to fool with a video clip or a three-dimensional model).
Interestingly, there is no need for Smart Lock if there is a functioning fingerprint sensor: the screen is turned on and unlocked at the touch of a single button anyway. Why does the Compatibility Definition not require Smart Lock to be disabled when the fingerprint sensor is active? A riddle. But this system can be used to unlock a device. Just keep in mind that Smart Lock is not active immediately after the device is rebooted; to activate it, the device must be unlocked with a password or pattern at least once.
Our Chinese friends
And what about the numerous Chinese phones that also come with fingerprint sensors? Everything is very different there.
Above, we talked about Google's requirements set out in the Android Compatibility Document. If a manufacturer wants to certify their devices for installing Google services on them, their device running a specific firmware version must be certified in one of the laboratories.
In China, Google is banned, and many semi-basement manufacturers are not going to bother with unnecessary certifications at all. You know yourself what firmware devices from China often come with. For the sake of performance, encryption is usually not enabled even in firmware based on Android 6.0, and the bootloader is either not locked at all (in the case of MediaTek processors) or can be easily unlocked. Accordingly, whether there is a fingerprint sensor or not does not play the slightest role.
Even if encryption is enabled by the user (unlikely in the case of cheap devices, but still), the user has no guarantee that the fingerprint sensor is integrated correctly. This is especially true for devices that were sold with Android 5 or earlier on board and received the update to Android 6 later.
There are exceptions to this rule. All international models from Huawei and Lenovo are necessarily certified by Google (but this cannot be said of the specifically Chinese models). The situation with LeEco smartphones, which are sold in China and are trying to conquer foreign markets, is interesting. In the case of LeEco, both purely Chinese and international firmware versions often exist for the same model. They differ not only in the pre-installed Google Play store, the list of available languages, and the presence or absence of "Chinese garbage". In the case of international firmware versions (India, USA, Russia), the company formally certifies the device for installing Google Play Services.
In particular, in international LeEco firmware based on Android 6.0 (for example, for the Le2 Max), encryption of the data partition is activated (and cannot be disabled) in full compliance with the requirements of the Android Compatibility Document. Many users perceive this as an inconvenience and try to switch from such firmware to something based on Chinese builds, which, given the unlocked bootloader, completely devalues the entire security model.
How to hack a fingerprint scanner
Hacking the fingerprint sensor on Android involves simulating a finger that can unlock the smartphone. How detailed and high-quality the simulation must be, and what material it is made of, depends on the technology behind the sensor of the particular smartphone model.
So, it is useless to try to deceive ultrasonic sensors with a high-resolution print on special conductive paper, but standard capacitive scanners can be outsmarted this way.
The ultrasonic sensor, on the other hand, is deceived using a finger printed on a 3D printer, and the material does not matter much. Finally, almost any sensor will accept as real a fake fingerprint made of a thin layer of conductive material and worn over a finger.
It probably goes without saying that a phone equipped with a fingerprint sensor can be unlocked with the finger of a sleeping or unconscious person, or even a corpse (the police use this method constantly).
What does need mentioning is that in some countries governments collect fingerprint databases of their own citizens and of others (have you ever received an American visa?). And while legal restrictions currently do not allow these databases to be used to unlock phones on mere suspicion, I will not give such a guarantee for the future.
Comparison with Touch ID
A direct comparison of the security of Apple Touch ID with the situation in the Android world will not work: while Apple has only a few devices, Android smartphones are, on the contrary, too numerous. They can use a wide variety of sensors based on a variety of technologies (from capacitive and optical to ultrasonic). Different bypass techniques are chosen for different sensors. For example, for the Samsung Galaxy S6, the trick of unlocking the phone with a finger model 3D-printed from the most ordinary plastic works quite well (with Apple Touch ID, such a simple trick will not work; the print requires a material with special properties). Some other devices are easily deceived by printed high-resolution images.
But a comparison with Nexus Imprint makes perfect sense. In the Nexus 5X and 6P, Google took an exemplary approach to security: encryption of the data partition that cannot be disabled, competent integration of the fingerprint sensors, and sensors that were themselves chosen with care.
Third-party devices may use insufficiently secure sensors, or they may have blatant security holes (despite formally meeting the requirements of the Android Compatibility Definition).
How to protect yourself from hacking the fingerprint scanner
Have you read the article and firmly decided to disable the ill-fated sensor in your device and use a complex alphanumeric password instead? Take your time. It's not really that bad. In the case of relatively modern Apple devices (starting with the iPhone 6, iPad mini 4, iPad Air), hacking the fingerprint sensor does not threaten you: even if your fingerprint can be scanned in high enough resolution, the attacker will have very little time to use it. Law enforcement agencies can force you to unlock your phone with a fingerprint (and, unlike unlocking with a password, they have every right to do so), but for this they will need to get a special warrant that specifies the entire procedure. Getting a warrant takes time, during which the fingerprint data in your iPhone will have time to "go bad".
But what if you have an Android smartphone? Enable encryption. Without it, the data on your phone can be drained without any sensors. Disable Smart Lock: it's a gaping security hole. Make sure that your device is certified by Google and runs Android 6.0 or newer. If it does not, I would disable the sensor to be on the safe side. Finally, don't be too lazy to search for information on whether the fingerprint sensor of your device has been hacked and, if it has, whether that is easy or difficult to do. Make your decision depending on how satisfied you personally are with the difficulty of hacking the fingerprint sensor on your device for a potential attacker.
Conclusion
Fingerprint authentication is not a panacea. Its main purpose is not to make your particular device more secure, but to reduce the inconvenience of securely locking the phone, and thus to convince the bulk of users to lock their devices after all. Apple did it. In Android, the situation is more complicated: the Nexus Imprint reference system works perfectly, almost completely copying Touch ID's methods. Other manufacturers are not doing so well. The quality and security of sensors are sometimes questionable, and in devices running Android 5.1 and earlier, fingerprint sensors remain an open security hole. In the case of Chinese devices with an unlocked bootloader, the presence of a fingerprint sensor does nothing to worsen security that is already absent (although it can: if the phone that has fallen into your hands is turned on and the data partition is encrypted, then cheating such a sensor is a great way to bypass the encryption).
Today, Apple puts Touch ID sensors in almost all devices (with the exception of the iPod Touch line), while manufacturers of Android smartphones were able to access the necessary API only with the release of Android 6.0, which now runs about 15% of devices. Let's try to find out how secure the fingerprint authentication method is and whether it makes practical sense to use it.
In keeping with the historical order, we'll probably start with Apple.

Touch ID and Secure Enclave: a sweet couple
Once a problem for Apple, which was already starting to pay attention to data security at that time, was that users for the most part did not want to protect their own devices in any way. Enter a PIN code to unlock your phone? This is long and inconvenient. After looking at the situation, Apple decided not to force people to use lock codes, but simply to simplify the unlocking process as much as possible. The main idea of Touch ID technology is not to make your particular device safer. The idea is to make security quite convenient and attractive for the majority of users. And the company has achieved its goal.
Touch ID is a unique software and hardware complex, and the word "unique" here does not carry an advertising connotation: each sensor is configured to work with a specific device during the production process. Do you remember the "error 53" scandal? It was this feature that became a stumbling block that blocked the operation of devices with a fingerprint sensor replaced in artisanal conditions.

Where are your fingerprints stored?
It would seem that the need to store fingerprint data in the form of a one-way hash function is obvious, but it only seems to you: the developers of HTC One Max decided that you can store fingerprints in the form of pictures in the most ordinary folder in the device's memory. No matter what HTC developers think, Apple engineers did not make such a mistake: the scanned fingerprint is passed through a hash function and stored in Secure Enclave, a microcomputer protected from external access. Separately, I note that this data does not get into iCloud and is not transmitted to the company's server.
Interestingly, even one-way fingerprint hash functions are encrypted, with encryption keys calculated at device boot time based on a unique hardware key (which is also stored inside Secure Enclave and cannot be extracted from there) and a lock code that the user enters. Decrypted fingerprint data is stored only in the device's RAM and is never saved to disk. At the same time, the system occasionally deletes fingerprint data even from the device's RAM, forcing the user to log in using a lock code (which, we remind you, will allow the system to decrypt fingerprint data and resume operation of the Touch ID sensor).

When and why does iOS delete fingerprint data from RAM?
Perhaps the most interesting thing about the iOS security system is precisely the question of under what circumstances iOS will delete fingerprint data from the device's RAM and force the user to re-log in using the unlock code. But first, let's think about why Apple even needed to periodically remove fingerprints?
The company is well aware (and understood three years ago) that any biometric system can be deceived. Yes, Apple has developed excellent fingerprint scanners, which are not as easy to get around as the sensor, for example, Samsung Galaxy S5. But you can still do it. In the end, the owner can be forced to put his finger to unlock the phone — but under the American legal system, this requires a warrant, which takes time to get... after which the phone will delete fingerprint data from memory and will not allow you to unlock the device by fingerprint.
Does that sound like a stretch? Smacks of conspiracy theory? No, it's just that Apple really didn't like the attempt of pressure from law enforcement agencies, in response to which it introduced this measure: Apple adds another rule forcing iPhone and iPad users to employ a passcode to unlock their device.

But let's not get distracted, and look carefully at the conditions under which the system blocks the operation of Touch ID and forces you to log in using the lock code. The Touch ID sensor is turned off and fingerprint data is deleted from the device's memory if any of the following conditions are met:
- the phone is turned off or restarted;
- the user adds data from another finger;
- the phone receives a remote lock command via Find My iPhone;
- there were five consecutive unsuccessful fingerprint unlock attempts;
- the device was never unlocked for two days;
- anti-police: more than six days have passed since the last time you entered the lock code, and the device itself has not been unlocked by the Touch ID sensor for the last eight hours.
How to bypass the fingerprint scanner
If we are talking about hacking Touch ID, then it is difficult to deceive the sensor, but it is possible. To deceive modern sensors, you will have to create a three-dimensional model of your finger, and from the right material. On older devices (iPhone 5s, iPad mini 3), bypassing the sensor is noticeably easier. For example, a team of German hackers was able to detect the iPhone 5s sensor two days after the device entered the market, simply printing out the original fingerprint with a resolution of 2400 dpi.

But before you start modeling the fingerprint, you need to take care of the safety of data on the device, as well as that the fingerprint data does not have time to "rot".
You need to act clearly and quickly: you don't have much time.
- So, you got your hands on a phone in an unknown condition. Don't touch the Touch ID button! If your phone is locked (and it is most likely locked), you will waste one attempt out of five. Check the device status by pressing the power button briefly.
- If the device is blocked, isolate it from external radio networks by placing it in a Faraday cage (at home, its role will be performed by a regular microwave oven. The microwave is turned off!). Do not forget to put it on charge, even if the external battery will perform its role. All this is done in order to protect the device from commands using the Find My iPhone Protocol, which will allow you to both remotely block the device and destroy its contents. (Do you think these measures are obvious? As if not so! Science knows of at least two sensational cases where police allowed remote destruction of data from already confiscated devices.)
- But if the device is unlocked, it is in your power not to let it lock the screen. To do this, simply disable automatic blocking (unlike the procedure for removing the lock code, you don't need to enter any code to disable automatic blocking).
- If the device was locked, you have a maximum of 48 hours (actually less) to try to trick the fingerprint sensor.
- Please note: all manipulations with the device must be carried out exclusively in an environment protected from radio waves (Wi-Fi and cellular networks). A couple of seconds are enough to trigger Find My iPhone.
- If you managed to trick the fingerprint sensor, disable the automatic screen lock (see point 3). Keep in mind that attempts to add another fingerprint in the settings or change the lock code will not work — for these operations, the system will always require you to enter the code.
How to use it?
Let's say you managed to trick the fingerprint sensor. What's next? iOS is a closed system, and all the device's memory will be encrypted. Options?
- Installing jailbreak: no. To crack a 64-bit iPhone or iPad, you will need to enter the lock code anyway (and in some cases, disable the lock code in the settings).
- Physical data extraction: you can try it. If the jailbreak is already installed, you can extract most of the data, but you can't decrypt the keychain. But if there is no jailbreak, then nothing can be done you will need a lock code to install it.
- iCloud: maybe. Once you unlock your device, you can force it to save a fresh backup to iCloud (Settings –> iCloud –>> Backup –>>> Backup now). Remember, however,that to extract this data from the cloud, you will need an Apple ID password, and if two-factor authentication is activated in the account, then access to the second factor (which, however, can be the device under study). Important point: you will have to connect the device to Wi-Fi, as a result, instead of a backup copy, the device may receive a command to block or destroy data.
- But if it is not installed-be sure to install your own! The simplest 123 will be quite enough. You can extract all the data from a password encrypted backup, and all the data from an unencrypted backup, except for the keychain. Since the keychain stores all the most interesting things, it will be very useful to set a temporary password before making a backup.

Result
Apple was able to create a complete and very successful protection scheme from the first attempt. The fingerprint sensor fits well into the overall concept. It is impossible to bypass this protection programmatically, the hacker has very little time for any attempts to deceive the sensor, and the result on new devices is not guaranteed. Clearly — the company has achieved its goal.

Fingerprints and Android
Let's move on to the study of fingerprint authentication in devices running Android. Having analyzed a very successful implementation from Apple, let's take a close look at the state of Affairs in the camp of competitors.

Google Android 4. x-5.1.1: everything is very sad
The first devices with built-in fingerprint sensors began to appear quite a long time ago, back in the days of Android 4.4.today there are already a lot of them: Samsung Galaxy S5, S6, S7, Motorola Moto Z, Sony Xperia Z5, LG G5, Huawei Ascend Mate 7 and subsequent, Meizu Pro 5 and this is not all. But not every device uses the fingerprint sensor correctly. This is primarily due to the fact that up to Android 6.0, the system did not have a universal API for fingerprint authentication. If there is no API, there are no formal Compatibility Definition requirements, and, accordingly, there is no certification from Google.
In the complete absence of external control, manufacturers have built up such a thing... in a terrible dream you will not dream. For example, the developers of HTC One Max externally passed the exam on the course "Android in 21 days" and implemented a wonderful system that stores full-fledged copies of fingerprints in a publicly available catalog in uncompressed (not to mention encrypted) format. Perhaps there is no need for instructions on how to "hack" this system. Let me just clarify that the data is stored in the file /data/dbgraw.bmp, and for your convenience, the access permission is set to 0666.

This is not an isolated example. Samsung Galaxy S5 came out with Android 4.4 on Board. Soon, hackers managed to gain access to the fingerprint scanner and successfully bypass the protection.
Before the release of the sixth version of Android, manufacturers managed to release a lot of devices to which fingerprint sensors were illiterate. It's not even interesting to break them, everything is so depressing there. It is clear that Google could not tolerate such a situation for a long time. They didn't.
Android 6.0: Fingerprint API и Nexus Imprint
With the release of Android 6.0, Google not only developed its own API for fingerprint authentication, but also updated the Compatibility Definition Document, which all manufacturers who want to certify their devices for installing Google services must follow (this is a very important point, more on it later).
Two reference devices were released at once: the Nexus 5X and the Nexus 6P. They include both non-disabling encryption of the data section, and the correct implementation of fingerprint sensors, called Nexus Imprint.

So, what does Google require from manufacturers to obtain a certificate of compliance? Unlike the situation with mandatory encryption on Android 5.0, this time the list of requirements does not allow for double interpretations. Let's translate an excerpt from the official document.
7.3.10. fingerprint Sensor
For devices that can use a screen lock, we RECOMMEND using a fingerprint sensor. Requirements for devices equipped with such a sensor and providing API access to third-party developers:
- Be SURE to declare android support.hardware.fingerprint.
- The full implementation of the fingerprint API is REQUIRED from the Android SDK documentation [Resources, 95].
- It is MANDATORY to have a false positive response rate of less than 0.002%.
- We STRONGLY RECOMMEND a false-negative response rate of less than 10% and a response delay of less than 1 second (for 1 saved fingerprint).
- Be SURE to limit the speed of attempts to a 30-second delay after 5 failed attempts.
- It is MANDATORY to have hardware-based secure storage, and fingerprint verification should be performed exclusively in the Trusted Execution Environment (TEE) zone or on a dedicated processor with a secure communication channel with TEE. (This is where the Samsung S5 got burned, in which there was a problem with a secure communication channel)
- It is MANDATORY to encrypt fingerprint data in such a way that access to it cannot be obtained outside the Trusted Execution Environment (TEE) according to the Android Open Source Project [Resources, 96].
- It is MANDATORY not to allow adding fingerprints without establishing a trusted chain (the user must add or verify the PIN / pattern / password via TEE according to Android Open Source).
- PREVENT third-party apps from distinguishing between individual fingerprints.
- MAKE sure to handle the DevicePolicyManager.KEYGUARD_DISABLE_FINGERPRINT flag correctly.
- ALL the REQUIREMENTS DESCRIBED ABOVE are MANDATORY when upgrading to Android 6.0, and fingerprint data must either be migrated safely or reset.
- It is ADVISABLE to use the Android Fingerprint icon from the Android Open Source Project.
In another part of the document, it is required to enable encryption when using a secure screen lock (including a fingerprint sensor). As you can see, in theory things are not bad. What's the real deal?

Android Smart Lock
In practice, Android still has a number of gaping security holes that allow all these fingerprints and passwords to be bypassed in one go. One of these holes is the Android Smart Lock system, which automatically unlocks the phone when certain external conditions are met. For example, many users allow automatic unlocking at home, forgetting that the positioning accuracy is far from perfect and that "home", as far as the phone is concerned, covers an 80-meter radius. Many people enable unlocking with a trusted Bluetooth device or turn on pseudo-biometric unlocking based on a face image (which is quite easy to fool with a video clip or a three-dimensional model).
Interestingly, there is no need for Smart Lock if there is a working fingerprint sensor: the screen is turned on and unlocked at the touch of a single button anyway. Why does the Compatibility Definition not require Smart Lock to be disabled when the fingerprint sensor is active? A mystery. Either way, this system can be used to unlock a device. Just keep in mind that Smart Lock is not active immediately after the device is rebooted; to activate it, the device has to be unlocked with a password or pattern at least once.
Our Chinese friends
And what about the numerous Chinese phones that also come with fingerprint sensors? Everything is very different there.
Above, we talked about Google's requirements set out in the Android Compatibility Document. If a manufacturer wants to certify its devices so that Google services can be installed on them, each device running a specific firmware version must be certified in one of the laboratories.
In China, Google is banned, and many semi-basement manufacturers are not going to bother with unnecessary certifications at all. You know yourself what kind of firmware devices from China often come with. For the sake of performance, encryption is usually not enabled even in firmware based on Android 6.0, and the bootloader is either not locked at all (in the case of MediaTek processors) or can be easily unlocked. Accordingly, whether there is a fingerprint sensor or not makes no difference whatsoever.

Even if encryption is enabled by the user (unlikely in the case of cheap devices, but still), the user has no guarantee that the fingerprint sensor is integrated correctly. This is especially true for devices that were sold with Android 5 or earlier on board and received the update to Android 6.0 later.
There are exceptions to this rule. All international models from Huawei and Lenovo are certified by Google without exception (the same cannot be said about their China-only models). The situation with LeEco smartphones, which are sold in China and are trying to conquer foreign markets, is interesting. In the case of LeEco, both purely Chinese and international firmware versions often exist for the same model. They differ not only in the pre-installed Google Play store, the list of available languages, and the presence or absence of "Chinese garbage". In the case of international firmware versions (India, USA, Russia), the company formally certifies the device for installing Google Play Services.
In particular, in international LeEco firmware based on Android 6.0 (for example, for the Le2 Max), encryption of the data partition is activated (and not disabled) in full compliance with the requirements of the Android Compatibility Document. Many users perceive this as an inconvenience and try to switch from such firmware to something based on Chinese builds, which, given the unlocked bootloader, completely devalues the entire security model.
How to hack a fingerprint scanner
Hacking the fingerprint sensor on Android involves simulating a finger that can be used to unlock the smartphone. How detailed and high-quality the simulation has to be, and what material it is made of, depends on the technology the sensor of a particular smartphone model is built on.
For example, it is useless to try to deceive ultrasonic sensors with a high-resolution print made on special conductive paper, but standard capacitive scanners can be fooled this way.
An ultrasonic sensor, on the other hand, is deceived with a finger printed on a 3D printer, and the material does not matter much. Finally, almost any sensor will accept as real a fake fingerprint made of a thin layer of conductive material and worn over a finger.

It probably goes without saying that a phone equipped with a fingerprint sensor can be unlocked with the finger of a sleeping or unconscious person, or even a corpse (the police use this method constantly).
What does need to be said is that in some countries governments collect databases of fingerprints, and not only those of their own citizens (have you ever received an American visa?). And while legal restrictions currently do not allow these databases to be used to unlock phones on mere suspicion, I will not give such a guarantee for the future.
Comparison with Touch ID
A direct comparison of the security of Apple Touch ID with the situation in the Android world will not work: while Apple has only a few devices, there are, on the contrary, too many Android smartphones. They can use a wide variety of sensors based on a variety of technologies (from capacitive and optical to ultrasonic). Different bypass techniques are chosen for different sensors. For example, for the Samsung Galaxy S6, the trick of unlocking the phone with a finger model printed on a 3D printer from the most ordinary plastic works quite well (with Apple Touch ID, such a simple trick will not work; for printing, you will need to use a material that has special properties). Some other devices are easily deceived by printed high-resolution images.
But a comparison with Nexus Imprint makes perfect sense. In the Nexus 5X and 6P, Google took an exemplary approach to security: encryption of the data partition that is not disabled, competent integration of the fingerprint sensors, and sensors that were not chosen at random.
Third-party devices may use insufficiently secure sensors, or they may have blatant security holes (despite formally meeting the requirements of the Android Compatibility Definition).
How to protect yourself from hacking the fingerprint scanner
Have you read the article and firmly decided to disable the ill-fated sensor in your device and use a complex alphanumeric password instead? Don't rush. It's not really that bad. In the case of relatively modern Apple devices (starting with the iPhone 6, iPad mini 4, iPad Air), hacking the fingerprint sensor does not threaten you: even if your fingerprint can be scanned in high enough resolution, the attacker will have very little time to use it. Law enforcement agencies can force you to unlock your phone with a fingerprint (and unlike unlocking with a password, they have every right to do so), but for this they will need to get a special warrant that specifies the entire procedure. Getting a warrant takes time, during which the fingerprint data in your iPhone will have time to "go bad".
But if you have an Android smartphone: enable encryption. Without it, the data from your phone will be extracted without any need for sensors. Disable Smart Lock: it's a gaping security hole. Make sure that your device is certified by Google and runs Android 6.0 or newer. If this is not the case, I would disable the sensor, out of harm's way. Finally, don't be too lazy to search for information about whether the fingerprint sensor for your device has been hacked and, if it has, whether that was easy or difficult to do. Make a decision depending on how satisfied you personally are with how hard it would be for a potential attacker to hack the fingerprint sensor on your device.
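The Android checks above (encryption, Android 6.0 or newer) and the bootloader lock discussed earlier can be read from system properties. The following is an added example, not part of the original article: it parses the output of `adb shell getprop`, using a constructed sample as input. The property names are ones commonly exposed by Android builds, and some vendor firmware may omit them; Smart Lock state and Google certification are not exposed this way and have to be checked by hand.

```python
import re
import sys

# Constructed sample of `adb shell getprop` output (not from a real device).
SAMPLE_GETPROP = """\
[ro.build.version.release]: [6.0.1]
[ro.build.version.sdk]: [23]
[ro.crypto.state]: [unencrypted]
[ro.boot.flash.locked]: [0]
"""

PROP_LINE = re.compile(r"^\[([^\]]+)\]: \[(.*)\]$")


def parse_getprop(text):
    """Turn `[key]: [value]` lines into a dict, skipping malformed lines."""
    props = {}
    for line in text.splitlines():
        match = PROP_LINE.match(line.strip())
        if match:
            props[match.group(1)] = match.group(2)
    return props


def grade(value, is_ok):
    """UNKNOWN when the property is absent or empty, else OK or FAIL."""
    if not value:
        return "UNKNOWN"
    return "OK" if is_ok(value) else "FAIL"


def audit(props):
    """Check the three conditions the article ties fingerprint safety to."""
    return {
        # Android 6.0 is API level 23.
        "android_6_or_newer": grade(props.get("ro.build.version.sdk"),
                                    lambda v: v.isdigit() and int(v) >= 23),
        "data_encrypted": grade(props.get("ro.crypto.state"),
                                lambda v: v == "encrypted"),
        # Assumption: the build exposes ro.boot.flash.locked (1 = locked).
        "bootloader_locked": grade(props.get("ro.boot.flash.locked"),
                                   lambda v: v == "1"),
    }


if __name__ == "__main__":
    # Usage: adb shell getprop | python3 audit.py   (no pipe: constructed sample)
    text = SAMPLE_GETPROP if sys.stdin.isatty() else sys.stdin.read()
    for check, status in audit(parse_getprop(text)).items():
        print(f"{check:20} {status}")
```

An UNKNOWN result means the firmware did not report the property, which on uncertified builds is itself a reason to treat the device as unverified.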
Conclusion
Fingerprint authentication is not a panacea. Its main purpose is not to make your particular device more secure, but to reduce the inconvenience associated with securely locking your phone, and thus convince the bulk of users to lock their devices after all. Apple did it. On Android, the situation is more complicated: the Nexus Imprint reference system works perfectly, almost completely copying Touch ID methods. Other manufacturers are not doing so well. The quality and security of sensors are sometimes questionable, and in devices running Android 5.1 and earlier versions, fingerprint sensors remain an open security hole. In the case of Chinese devices with an unlocked bootloader, the presence of a fingerprint sensor will not make the already missing security any worse (although it can: if the phone that has fallen into your hands is turned on and the data partition is encrypted, then fooling such a sensor is a great way to bypass encryption).