FOX23 Investigates: Safety of fingerprint scans on phones

Quick Facts:

  • New concerns about using thumbprints for security on cell phones
  • FOX23's Justin Gray talked to a group of scientists that warns that way phones scan could have limitations
  • WATCH his full report on what you need to know above

NEW YORK -- A thumbprint may seem simpler and more secure than a passcode or password.

But one of the nation's top computer scientists says he has discovered a security flaw with the kind of fingerprint identification technology often used to lock cellphones.

We traveled to New York University to interview engineering professor Nasir Memon, who says he has found a way to use synthetic fingerprints to trick touch identification systems.

"We found (finger)prints that can match 20, 30, 40, percent of the time," Memon said.

Cellphone readers are not looking at all of a fingerprint.

It examines small, less-distinct sections of multiple fingers, making it easier for Memon to fool touch ID readers.

His team says a savvy criminal could create a glove with five artificial fingerprints to hack into phones

"It's not easy for just 'Joe on the street' to do it, but for a powerful adversary, they just have to do it once," Memon said.

He has not yet tried to hack actual cellphones.

That's a flaw in his research according to Brenda Leoung.

She watches out for security weaknesses at the Future of Privacy Forum.

"That's not the way most fingerprint technology actually works," she said.

Apple, Google and others technology companies are likely matching hundreds or even thousands of data points on those tiny slivers of fingerprints, making phones more secure, she said.

"We feel like the security of these devices is pretty strong," Leoung said.

Even the team at NYU is not suggesting you disable your thumbprint ID.

Memon still uses his touch ID to unlock his phone, but says a PIN is much more secure.

Apple and Google did respond to our requests for comment.