Biometric access in hardware wallets
This article focuses on explaining both security and usability issues on biometric access to hardware wallets so that the users can evaluate the advantages of this unusual feature for the existing devices on the market.
Although biometric access is an expanding feature in technological devices across the board, only a few hardware wallets incorporate this system, and most of them opt for a PIN, and sometimes also they add a passphrase. Why do they choose these methods? Does this mean that PIN is a better security measure? Or on the opposite, is this due to economic reasons?
Let’s evaluate both features.
If you are a cryptocurrency user, nowadays you do not use your cryptos for everyday actions, and if you are a HODLer, your operations can be even less. You can not use your cryptos because of the containers. They are not thought for intensive use, and instead, you use credit cards, plastic cards or virtual cards installed over your phone, smartwatch, etc.
Although we wish, cryptocurrencies are not used broadly, and because of that, hardware wallets are not designed to be carried with you. Of course, you might argue that you use a soft wallet which is always with you; in this case, I can only say as Gandalf to the Fellowship of the Ring while battling against the Balrog over the bridge of Khazad-dûm “Fly, you fools!”.
If we aim for mass adoption of cryptocurrencies, their use must be user friendly and as agile as the credit FIAT money. But in that current system, at least you have some responsibility exemption: in case of fraud, you can (sometimes) delegate that liability to the bank issuer. However, when using cryptos, you are your own bank, so we need to provide both the agility and the security.
Usability
Picture the situation: you want to perform a financial transaction, so you start your computer, decide the operation, insert the data, connect your hardware wallet, introduce your PIN with a two keys keyboard… and after all these steps, you can send the operation to the hardwallet, accept it, and that’s all. Why do you need to introduce a tricky PIN each time? Can you imagine applying the same process when making a payment in a physical shop? Of course not.
With the fingerprint access, you only need to put your finger on the card, and you’ll start thinking about using the same process everywhere. But this is only possible if you can carry the device away with you, and that is called HASHWallet.
But is this method secure enough? Can it be hacked?
Security
We are not evaluating any hardwallet as a device; there are a lot of technical reviews elsewhere, and also you can find here an exhaustive list of studies regarding all the hackings over these devices. Our purpose is to focus on fingerprint access security.
Biometric access is a vast and growing field, and you can find lots of use cases as for example eyes, face, voice, veins, even behavioural as gait and gesture recognition; and focusing on fingerprint access there are optical, capacitive, ultrasonic, thermal or piezo-electrical sensors.
On HASHWallet we have integrated an active capacitive sensor, which means the recognition is made through a map of distances from the finger skin to an array of CMOS integrating sensors. Two questions arise here:
- Can this kind of sensor be spoofed?
No system can be made absolutely secure — with unlimited time and money you can hack and spoof anything (if anyone claims otherwise, they’d be lying). So, are there spoofing methods for hacking an active capacitive fingerprint sensor? You will need to obtain a 3D replica of the finger (not photography) with the same deeps for the epidermal ridges on a surface with the same conductivity. It is necessary to extract the image of the user’s finger and generate a replica with carbon nanotubes over a silicone rubber. Can anybody do this at home? 🤷🏻♂️ - Can the fingerprint data be extracted from the card?
The fingerprint itself is never stored. Instead of that, a mathematical representation is kept. But if this mathematical representation were extracted (both the template and the algorithms are stored in an EAL6+ secure element, a Trusted Execution Environment), it is not possible to re-create the fingerprint from its mathematical representation.
Bottom line
After learning about such significant advantages, why biometric access is not present in every hardware wallet? If it offers better usability and security, it can only be due to economic reasons. Only breaking these limitations, the crypto landscape will widen and reach more people than just believers.
On the other hand, if it is a matter of cost, we may wonder: what is the price of not keeping your cryptos safe?
