You might believe that the fingerprint reader in your smartphone is a perfect security measure that will keep the wrong kinds of people out of your digital life. Or at least you might before you learned that a 6-year-old may have managed to beat the biometric login on her mother's phone so that she could buy herself $250 worth of Pokémon toys.
How did Ashlynd Howell of Little Rock, Arkansas, pull off this coup? According to a story published on Friday (Dec. 23) in The Wall Street Journal, Ashlynd waited until her mother Bethany Howell was asleep, then pressed her mother's thumb against the fingerprint reader on the phone to unlock the handset.
Once Ashlynd made it past the unlock screen, everything on Amazon was up for purchase, the Journal reported. Unlike the online retailer's website, the Amazon smartphone app doesn't require the Amazon password to be entered again before making a purchase, as we were able to verify at Tom's Guide.
Ashlynd's parents discovered the covert shopping upon receiving 13 order confirmations for Pokémon items. They first thought they'd been hacked, they told the Journal, but then asked Ashlynd if she had made the purchases unintentionally. Ashlynd owned up to her actions, telling her mother "No, Mommy, I was shopping." Ms. Howell noted that Ashlynd "is really proud of herself."
Unable to return all of the items ordered, Ms. Howell told her daughter that "Santa found out and that is what Santa is going to bring you for Christmas."
This isn't the first story that illustrates why security-minded users may not want to use a fingerprint unlock for their phone. Back in May, a federal judge in Los Angeles once again affirmed that law enforcement can force users to apply their fingerprints in efforts to unlock their handsets. Unlike passwords, which are protected speech under the Fifth Amendment, fingerprints are physical evidence unprotected by any law regarding warrants or self-incrimination. Police have collected fingerprints from arrested people for more than a century.
Tapping in a password may be inconvenient, but at least it makes it harder for your device to be unlocked without your explicit consent. Admittedly, a password isn't fool-proof either, as little Ashlynd might be able to peep the code by looking over her mother's shoulder.