Biometric mobile security a way off: Telstra

Thumb scanners for mobile phone security are a while off, according to Telstra's chief technology officer Dr Hugh Bradlow, who said that his security team managed to best a "Russian mafia-proof" scanner in just one day.

Hugh Bradlow (Credit: Telstra)

Speaking at a CEDA CIO event in Sydney this afternoon, Bradlow repeated his belief that it was just a matter of years before people replace their keys and cards with mobile phones using radio frequency identification (RFID) technology, such as that already in use by companies like Visa and Mastercard.

When he was questioned as to whether this would have security implications if someone's phone was stolen, Bradlow said research showed that people in general were more aware of their phone than their keys and wallet. Such awareness could be of more use than other protective measures, according to Bradlow.

"We a few years ago got one of these thumbprint recognition things that was supposed to be Russian mafia-proof. In other words, if they cut your thumb off and put it on the device, it was supposed to not respond because it required a live thumb with blood flowing through it," he said.

"Now my guys defeated that in one day with $2 worth of equipment they bought at Coles. They lifted a fingerprint from glass, got a piece of gelatin, transposed the fingerprint onto the gelatin, and put the gelatin on their thumb ... and it worked," he added. "So would you rely on that for your banking? No. You might rely on it to open your email or something less precious to you."

"You're still going to have multi-factor authentication for things that are important."

Bradlow said he was less concerned about potential privacy or security breaches through the increased use of RFID technology than he was about the information people handed over willingly to social-networking websites.

"I don't think things like RFID change privacy implications that much. The things that are really changing the privacy implications are the social-networking sites which lull people into a false sense of security and get them to elicit a whole lot of information about themselves ... They haven't thought about the consequences," he said.

"I feel uncomfortable with Facebook because every now and then I get tagged," he added. "My daughter takes a picture of me when I'm visiting her in Oxford and it's tagged on Facebook. I'm not sufficiently self-indulgent to think that people care about where I am though."

NBN and God

Bradlow indicated that speeds achieved using wireless broadband tended to be around five to eight years behind fixed-line speeds, but he said this did not mean wireless would one day replace fixed-line services such as the National Broadband Network (NBN).

"If God had not meant us to have fixed networks he wouldn't have constrained spectrum in the way he has done. Or she's done, should I say," Bradlow said.

"The fact is that mobile access is constrained as a shared medium in the sense that your first point of interconnect is shared at the radio base station. That shared capacity is constrained by spectrum."

Bradlow said that if he wanted to stream high-definition video at 10Mbps over a long-term evolution network with a total average speed of 100Mbps, he could only share that network with 10 people.

"And that's not nearly enough to build a network around," he said.

The two technologies were meant to be complementary, Bradlow said, and he didn't expect wireless technologies to be able to achieve the same speeds as a fixed-line service.

"The answer is no because of the capacity issue," he said. "I'll stake my reputation on it and I'll probably be dead before anyone tests this, but you do need high-speed fixed networks in developed countries."