Biometric mobile security a way off: Telstra

Summary: Thumb scanners for mobile phone security are a while off, according to Telstra's chief technology officer Dr Hugh Bradlow, who said his security team managed to best a "Russian mafia-proof" scanner in just one day.

TOPICS: Security, Telcos, Telstra

Thumb scanners for mobile phone security are a while off, according to Telstra's chief technology officer Dr Hugh Bradlow, who said that his security team managed to best a "Russian mafia-proof" scanner in just one day.

Hugh Bradlow (Credit: Telstra)

Speaking at a CEDA CIO event in Sydney this afternoon, Bradlow repeated his belief that it was just a matter of years before people replace their keys and cards with mobile phones using radio frequency identification (RFID) technology, such as that already in use by companies like Visa and Mastercard.

When he was questioned as to whether this would have security implications if someone's phone was stolen, Bradlow said research showed that people in general were more aware of their phone than their keys and wallet. Such awareness could be of more use than other protective measures, according to Bradlow.

"We a few years ago got one of these thumbprint recognition things that was supposed to be Russian mafia-proof. In other words, if they cut your thumb off and put it on the device, it was supposed to not respond because it required a live thumb with blood flowing through it," he said.

"Now my guys defeated that in one day with $2 worth of equipment they bought at Coles. They lifted a fingerprint from glass, got a piece of gelatin, transposed the fingerprint onto the gelatin, and put the gelatin on their thumb ... and it worked," he added. "So would you rely on that for your banking? No. You might rely on it to open your email or something less precious to you."

"You're still going to have multi-factor authentication for things that are important."

Bradlow said he was less concerned about potential privacy or security breaches through the increased use of RFID technology than he was about the information people handed over willingly to social-networking websites.

"I don't think things like RFID change privacy implications that much. The things that are really changing the privacy implications are the social-networking sites which lull people into a false sense of security and get them to elicit a whole lot of information about themselves ... They haven't thought about the consequences," he said.

"I feel uncomfortable with Facebook because every now and then I get tagged," he added. "My daughter takes a picture of me when I'm visiting her in Oxford and it's tagged on Facebook. I'm not sufficiently self-indulgent to think that people care about where I am though."

NBN and God

Bradlow indicated that speeds achieved using wireless broadband tended to be around five to eight years behind fixed-line speeds, but he said this did not mean wireless would one day replace fixed-line services such as the National Broadband Network (NBN).

"If God had not meant us to have fixed networks he wouldn't have constrained spectrum in the way he has done. Or she's done, should I say," Bradlow said.

"The fact is that mobile access is constrained as a shared medium in the sense that your first point of interconnect is shared at the radio base station. That shared capacity is constrained by spectrum."

Bradlow said that if he wanted to stream high-definition video at 10Mbps over a long-term evolution network with a total average speed of 100Mbps, he could only share that network with 10 people.

"And that's not nearly enough to build a network around," he said.

The two technologies were meant to be complementary, Bradlow said, and he didn't expect wireless technologies to be able to achieve the same speeds as a fixed-line service.

"The answer is no because of the capacity issue," he said. "I'll stake my reputation on it and I'll probably be dead before anyone tests this, but you do need high-speed fixed networks in developed countries."

About

Armed with a degree in Computer Science and a Masters in Journalism, Josh keeps a close eye on the telecommunications industry, the National Broadband Network, and all the goings on in government IT.

Talkback

4 comments
  • What a lot of rubbish... from the leading technologist at Telstra - give me strength... I'm switching my service provider tomorrow...

    Their security engineer defeated biometrics "a few years ago" using gelatine from Coles... How clever and I have no doubt that there has been absolutely no advance in that technology since.

    And God is constraining spectrum? This guy is a nutter. When I was a telecom engineer - some 20 years ago - transmitting broadband speeds over copper - like we do today - was impossible. Then God suddenly blessed us with the knowledge to create DSL...

    When God is ready - he will undoubtedly bless us with the knowledge to massively increase spectrum and wireless transmitting speeds too....

    ...and with any luck he'll strike down the idiots with bolts of lightning at the same time....

    Maybe Telstra and Hugh should be investing in some serious R&D instead of sending his guys up to Coles to buy gelatine....
    What Rot.
  • Here we have a CTO of a major telco telling us how a long time ago, in a far distant R&D lab, someone broke a simple and now obsolete form of security. How is that relevant to today? I'd rather hear about recent technical achievements that don't involve gelatine.

    Using mobile phones as part of any RF based biometric security is stupid. As soon as you turn a 'biometric signature' into an electronic form, there will be someone who'll try to capture, copy, and break it. Throw that out via RF and you're simply inviting disaster no matter how wonderful you think your encryption is.

    As for the NBN and other technologies, unless you're a religious leader, stating that God supports your technical arguments isn't going to win you a pay rise or promotion...at best you'll get a trip to the asylum.
    Scott W-ef9ad
  • Who needs gelatin? I have modern fingerprint readers on some of my PCs and they can't even tell WHICH finger they're supposed to be scanning!
    Treknology
  • If officials say Russian every time they say mafia then I have all moral rights to say Australian when I say idiot. Like: this Australian-idiot proof device....
    DimitriAu