Monday, August 10, 2015

HTC, HTC, HTC... (This is what happens when the user is not the customer)

HTC stored images of users' fingerprints as world-readable files.  This isn't even the problem.  The real problem is: why were they storing images of fingerprints at all?  If you are going to store them, you had damned well better one-way hash them and store the hashes instead.  In fact, you should only be storing hashes of feature vectors, not of the prints themselves.  You should only ever compare hash-to-hash, not fingerprint-to-fingerprint. You can do this using graph comparison algorithms instead of image comparisons.
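The storage pattern described above, as an added sketch (not HTC's code or any vendor's): only a salted one-way digest of a quantized feature vector is written, with owner-only permissions, and verification compares digest to digest. Assumptions: minutiae arrive as `(x, y, angle)` tuples from a hypothetical extractor, and the grid is coarse enough that two scans of the same finger quantize identically; all names, grid sizes and sample points are constructed.

```python
import hashlib, hmac, os, stat

CELL, ANGLE_STEP, SALT_LEN = 16, 45, 16   # assumed grid: 16 px cells, 45 degree buckets

def quantize(minutiae):
    """Snap (x, y, angle) minutiae to a coarse grid; sorting makes point order irrelevant."""
    cells = {(x // CELL, y // CELL, (a % 360) // ANGLE_STEP) for x, y, a in minutiae}
    return repr(sorted(cells)).encode()

def template_digest(minutiae, salt):
    # Slow salted KDF: the quantized feature space is small, so a fast hash invites guessing.
    return hashlib.pbkdf2_hmac("sha256", quantize(minutiae), salt, 100_000)

def enroll(minutiae, path):
    """Store salt + digest only, never the image or the raw feature vector."""
    salt = os.urandom(SALT_LEN)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(salt + template_digest(minutiae, salt))
    os.chmod(path, 0o600)   # tighten the mode even if the file already existed

def verify(minutiae, path):
    """Hash the fresh scan with the stored salt and compare digest to digest."""
    with open(path, "rb") as f:
        record = f.read()
    salt, stored = record[:SALT_LEN], record[SALT_LEN:]
    return hmac.compare_digest(stored, template_digest(minutiae, salt))

def is_world_readable(path):
    """True if the 'other' read bit is set, i.e. the failure mode reported for HTC."""
    return bool(os.stat(path).st_mode & stat.S_IROTH)

# Constructed sample data: a rescan with small jitter and shuffled order, and another finger.
ENROLLED = [(34, 120, 10), (88, 47, 95), (150, 200, 181), (61, 179, 272)]
RESCAN = [(151, 203, 185), (35, 121, 12), (62, 178, 275), (90, 45, 98)]
OTHER = [(20, 30, 300), (100, 100, 45), (140, 60, 200), (75, 210, 130)]

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "finger0.tpl")
        enroll(ENROLLED, path)
        print("same finger:", verify(RESCAN, path))
        print("other finger:", verify(OTHER, path))
        print("world-readable:", is_world_readable(path))
```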


