If analyst predictions come to fruition and Samsung introduces biometrics on Galaxy S5, the suggestion the iPhone 5S fingerprint scanner represents a leap towards mainstreaming the technology could be more accurate than sceptics hold.
But spoof attacks, false negatives and false positives, and the relative lack of successful deployment of fingerprint biometrics, leave many doubtful as to whether the technology is mature and effective enough to be seen as a security silver bullet, or the future of identification and access control.
When Apple took the wraps of its new iPhone 5S with Touch ID technology in September, analysts suggested the company was offering a glimpse of a future where your favourite gadget might become a biometric pass to the workplace, mobile commerce or real-world shopping and events.
Reuters reported at the time: "Apple's executives said at launch that its Touch ID technology embedded into the iPhone 5S' home button would only provide fingerprint access to the phone and its own online stores, [but] analysts say Apple's embrace of [biometrics] technology would be key to wider adoption."
The fact that Touch ID was cracked just days later, adding to the challenges already facing the technology, does not bode well for the theory of ubiquitous adoption of biometrics - at least not in the near future.
Fingerprint fail?
When companies inherently involved with biometrics concede the technology has in some ways failed, or that the industry as a whole has under-delivered, a red flag is bound to go up.
That said, biometrics company Ideco notes fingerprint biometrics accounts for about 64% of all biometrics solutions, and is the only modality regarded as mature for large-scale implementation.
Ideco MD Marius Coetzee says if one looks at the total number of fingerprint scanners sold to date on a global scale - compared to the number of scanners actively and successfully being used on a daily basis - fingerprint biometrics is a failed technology.
However, Coetzee notes, Goode Intelligence predicts that by 2015, about 619 million people will be using biometric on their mobile phones as a result of Apple's new iPhone. "Many believe this would be the game changer."
Authentication solutions company Lumidigm transitioned from developing non-invasive means of glucose reading for diabetics in 2001, to focusing on fingerprint biometrics - a technology field in which it has been active for about the last seven years.
Philip Scarfo, VP of worldwide sales and marketing at Lumidigm, acknowledges the biometrics industry in general "has done a poor job by over-promising and under-delivering".
"Many of the conventional biometric technologies used in commercial applications simply are not reliable, robust or capable of serving real world needs. They work fine in limited, controlled environments, but break down fairly quickly when the user conditions or environmental conditions are less than ideal."
Scarfo refers to Apple's Touch ID as an area where some progress has been made, noting the phone features an area sensor - rather than a swipe sensor. "Although much better, this technology still suffers from poor performance for those with dry skin, moist skin or otherwise less-than-ideal fingerprints. It is also easily fooled by a fake finger (spoof) and therefore more of a convenience tool and not a security tool."
He says early mobile device applications of fingerprint biometrics have been one of the biggest fails in the industry, with the swipe sensor market close behind. "The swipe sensor market was not a friend to this industry. Many early adopters were not satisfied with the performance and when convenience is lost, so is the value proposition."
However, says Scarfo, it is dangerous to paint the entire biometrics industry with a single brush.
Crash causes
Coetzee says there are many reasons biometrics fail. "Keep in mind that biometrics is very complex science and due to its real-time nature can create much frustration if not implemented correctly."
Among many more, he says, some of the reasons for failure are performance issues (false acceptance/rejection), quality issues (fading optics), networking issues (unreliable connectivity), operational issues (incorrect installation), and compliancy issues (lack of interoperability).
Wolfpack operations manager Manuel Corregedor believes biometric technology is not widely used, in part due to the precarious nature of the system. "Fingerprint readers could result in a false negative if the person has cut their finger, worked with harsh chemicals, or is even just a regular guitar player."
The opposite is also possible and makes the system just as unreliable, he notes. "When a person is allowed access even though they shouldn't have access, this is known as a false positive."
Tech analyst Liron Segev, from TheTechieGuy.com, points out that - apart from the mentioned fundamental vulnerabilities - the cost of implementing biometrics could put companies off investing in the technology, slowing down overall deployment further.
"The cost [of biometrics technology] is a big barrier. If the cost of installing a biometric door lock was slightly more than a regular key lock, then more businesses would make use of it. But the price is much higher - especially when you start to link these systems into the network."
Local impact
Dustin van der Haar, a lecturer at the Academy of Computer Science and Software Engineering at the University of Johannesburg (currently completing a PhD in biometrics), says there are certain issues that impact SA specifically with regards to the adoption of biometric solutions.
He cites the lack of skills for the design, implementation and deployment of biometric systems within a specific environment as one of the major local hurdles. "A biometric system needs to be configured appropriately for it to work effectively in the respective environment."
Then, the financial implications for the deployment and support of biometric systems are still a concern in the country, says Van der Haar. "Although the equipment required for these systems have become within reach of mainstream deployment, the skills and computing resources for these systems cost money and some companies are not quite ready for that cost just yet."
Another impediment in SA, he notes, is user acceptance for the providing of biometric traits (fingerprint, voice, iris, etc). "A lack of awareness and cultural or religious beliefs can hinder system operations. A user can simply refuse to provide their attributes, because it may be against their beliefs."
SA solutions
But it is not all a grim outlook for biometrics in SA, say industry experts - who agree the key lies in using biometric technology in conjunction with other means.
Van der Haar says there are many promising developments in SA that should change the situation. "There are more diverse biometric attributes being captured in newer biometric systems that are more robust than older systems, such as using one's heartbeat, brain waves and many more.
"These newer systems also have cutting-edge sensors that mitigate many problems experienced in the past, such as poor usability and portability of sensors."
Insofar as the cost factor goes, he says more complete solutions that include installation and support are being offered by vendors, which reduce many of the hidden costs that companies had to absorb.
"[Also], users are becoming more aware of the fact that biometric attributes are being used within an access control setting to increase security, due to the prevalence of current biometric systems already seen at fast food chains and restaurants."
Coetzee says SA is actually regarded as a leader in the application of biometrics. In the past decade, Ideco has supplied over 90 000 fingerprint scanners, which are used by an estimated 2.5 million people on a daily basis in applications like security and access control, workforce management, password replacement and even criminal investigations.
The key, says Coetzee, is integration of biometrics into existing ecosystems.
Corregedor believes the way forward would be to use biometric technologies in conjunction with PINs and passwords - multi-factor authentication - because biometrics is not a silver bullet for solving the current authentication problems.
Van der Haar notes there is still a great deal of research being done in the field of biometrics "to build the biometric systems of tomorrow".
Share