Fingerprint security on smartphones presents the biggest hacking threat

1772
Fingerprint security on smartphones: biggest hacking threat

Ex-Union home secretary Rajiv Mehrishi told a parliamentary standing committee that data of 40 percent of all smartphone users are accessible by the CIA

Advanced security features themselves can often become your biggest source of insecurity. Take fingerprint locking systems, for example, especially on your smartphone, that collects and stores one’s critical biometric data that ensures no one else can access your phone. There is also iris recognition software available for locking and unlocking laptops and other such devices, even door locks.

Many of these devices are often hotwired to the internet—the Internet of Things (IoT) assures all-round seamless security prospects, a huge thing today around the world. These are also the biggest threats to privacy. According to a report in The Indian Express, this is potentially more damning and a bigger threat than all the biometric data collected for Aadhaar cards by the Unique Identification Authority of India (UIDAI).

This has been revealed by no less than India’s former union home secretary Rajiv Mehrishi, who has now been appointed as the Comptroller and Auditor General of India (CAG). According to him, says the report, this data has already been stolen from 40 percent of people using smartphones and those who have the fingerprint identification soft inbuilt or have added such a software later.

Who has this stolen data? According to Mehrishi, the Central Intelligence Agency (CIA) of the US has it. This was not an off-the-cuff comment, but a comment made on July 21 before the Parliamentary standing committee on home affairs. That adds gravity to the comment.

The seriousness of the situation has come to light in the backdrop of a Wikileaks release in March which said that the CIA has been hacking into smart devices. The software targeted by the hacking tools included Apple’s iOS and Google’s Android.

Fingerprint security on smartphones: biggest hacking threat
Former union home secretary Rajiv Mehrishi

India’s smartphone makers, including global brands such as Apple and Samsung and Chinese manufacturers, such as Oppo, Vivo, Xiaomi, Lenovo and Gionee, as well as India’s Micromax have been asked to provide security details. These include security practices, architecture, frameworks, guidelines and standards.

This will form part of the overall cyber security standards that the government is trying to set up.

The problem of using many apps is that they ask for a plethora of personal data before firing up and before being activated. If one wants to avail of the facilities provided by the free app, the trade-off is providing personal data. The report refers to a recent study by IMDEA Networks Institute of Spain which says that over 70 per cent of smartphone apps are reporting personal data to third-party companies like Google and Facebook.

Google, Facebook, Whatsapp and some others have come in for court scrutiny in India regarding privacy issues where companies have been sharing data gathered through third-party intervention. Whatsapp, for example, is one app that is humongously popular in India. When it was bought over by Facebook for an incredible $22 billion, it took along with it all the data and instantly stared sharing them with Facebook, without acquiring the consent of the user. This has been an issue that the court wants to settle.

Meanwhile, while the court battles the problem of unwarranted data sharing between two companies, all that data has been living in your smartphones and unwittingly, these have been open to hacking. Mehrishi’s comment also means that any data within a smartphone can be accessed by smart hackers, be he/she with the CIA, or the National Security Agency (NSA) of the US or even India’s own National Investigation Agency (NIA), which has been crying for more data collection facilities like the NSA.

Technically, a person’s entire life and particulars can, in was more than one, be accessed through his/her smartphone and through the several apps used and several websites that the person has accessed.

What the agencies would do with such data is not clear, but individual hackers might be able to access your bank account, for example, if you have been using your bank’s app for transactions. Today, it is possible to open fixed deposits, transfer funds and make all sorts of realignments from within your phone, using the app. These are at risk.

The security atmosphere of the world has just gotten murkier.

India Legal Bureau