In Professor Intriligator’s class, we have been talking about Signal Detection Theory. According to Nicole D. Anderson, “The general premise of SDT is that decisions are made against a background of uncertainty, and the goal of the decision-maker is to tease out the decision signal from the background noise (Anderson 2015).”
For those less familiar with this area, here is a real-world example: if you are in a crowded area trying to listen to your friend as they speak, you need to filter out the other noises in the room and focus only on what your friend is saying. But sometimes you think your friend something, but actually it was a stranger. Filtering this information and figuring out what was actually said by your friend is an example of signal detection.
When learning about Signal Detection Theory, I became curious about the cases where people have intentionally taken advantage of flaws in signal detection software. One of the cases that came to mind is the movie trope where someone fools a fingerprint scanner using common household items. Though in the real world it is not necessarily this easy, it turns out it is not very hard to fool fingerprint sensors. In fact, it only takes 13 minutes.
At least, that is the case with Samsung’s Galaxy S10 phone. The fingerprint scanner was proven to be fooled by a 3D-printed model of the user’s finger. The finger was able to be printed in 13 minutes.
At first, I thought that it would be rather difficult to 3D print someone’s fingerprint, especially without their permission. But, it turns out that all it took was a photo of someone’s fingerprint on a wineglass and some Photoshop.
As people become more reliant on fingerprint scanners and other sensors, we need to more seriously consider their signal detection capabilities. Currently, I fear them becoming a security risk with long-lasting consequences.
I use the fingerprint scanner on my personal phone, but I also avoid putting my financial information or any important documents on my phone. Do you trust the security provided by a fingerprint scanner? If not, what would need to change before you trust it? Let me know in the comments below!
This definitely is making me rethink how I use the fingerprint sensor on my phone! A lot of the financial apps in particular use this feature as part of their security, but from what I just read it might be easier to ‘hack’ someone’s fingerprint than to hack using a password. You would think that signal detection for something like a fingerprint would require a very high criterion for acceptance, meaning there would be few false positives and more misses. For the sake of guarding one’s bank information, this makes sense, however, thinking about this from a human factors perspective, do we really want users to get frustrated when their fingerprint is rejected because their fingers have a little too much oil on them while cooking? The usability vs. accuracy of signal detection for personal devices is a fine line that will need to be examined closely for future devices.
Before reading your blog, I was convinced that finger print scanning was the strongest form of security for my phone. However, you make a really interesting point that people can 3D print a representation of a person’s finger pretty accurately if they get a hold of some picture. Personally, I don’t think anyone would go through that type of effort to hack my phone, but it is always smart to realize that every security system probably has a loophole. Very interesting and informative!