NexID Biometrics Launches Mobile Live Finger Detection

Smartphone or tablet fingerprint sensors lacking liveness detection could be susceptible to having bogus fingerprints spoof the sensors.

Software and technology supplier to the biometric-authentication industry, NexID Biometrics, which offers liveness detection software for fingerprint-sensors on mobile devices, announced the launch of its Mobile Live Finger Detection (LFD) application for the Google Android operating system.

The company’s Mobile LFD solution for the Android platform enables manufacturers of mobile devices and fingerprint-sensor technology, as well as mCommerce vendors, to add liveness detection to mitigate the vulnerability to spoofing and build confidence in the use of fingerprint authentication for mobile devices.

The Mobile LFD application ported to the Android platform means that makers of Android smartphones and other mobile devices can improve the accuracy and security of the devices' fingerprint-sensing authentication to greater than 95 percent, the company said.

"At NexID, we believe augmenting fingerprint sensors with liveness detection is 'must have' functionality because it facilitates mobile commerce, providing both users and services providers with confidence that mobile transactions can occur safely and securely," Mark Cornett, NexID's chief operating officer, said in a statement.

The company also provides testing and analysis of fingerprint scanning devices to identify existing vulnerabilities to known spoofing strategies.

Mobile devices with fingerprint scanners are currently on the market, but are lacking liveness detection, and could be susceptible to having bogus fingerprints spoof the sensors, the company claims.

For example, Goode Intelligence, a U.K. research consultancy, has predicted that as many as 3.4 billion smartphones will be equipped with biometric sensors by 2018.

At the same time, consumers are growing more concerned about keeping data on their phones safe from hackers and or other sets of prying eyes.

Earlier this year, SRLabs, a security research firm from Germany, successfully hacked the fingerprint sensor on the Galaxy S5 using a similar method that was used to spoof the Touch ID sensor on the iPhone 5S.

The lab also pointed out users leave copies of their fingerprints everywhere; including on the devices they protect, and argued fingerprints are not fit for secure local user authentication as long as spoofs (fake fingers) can be produced from these pervasive copies.

"While Apple validated the convenience of fingerprint authentication as an alternative to passwords on mobile devices, the spoof of the iPhone 5S -- and more recently the Samsung Galaxy S5 -- confirmed that the current level of security is vulnerable to spoofing," Cornett added. "Clearly the layers of security for unlocking mobile devices and their applications need to be stronger to properly meet the needs of users, facilitators of mobile commerce and business people responsible for their companies' BYOD policies."