The claim was that the sensor would be able to say “yes, that is the correct finger.” But I would expect that all the sensor would do is send the finger print data. It would be very weird if the fingerprint sensor itself was in charge of deciding if the device should be unlocked or not.
Not that weird, though that’s not how they generally work.
However, they are in charge of verifying that it was an actual physical thing (hopefully an actual finger) being pressed against the sensor instead of being data fed in from some database. Protecting against that outcome eliminates a wide class of security threats.
The sensors I was referring to are the ones in cars. Not phones. So I may have misunderstood you, and commented on something you weren’t talking about. Sorry if I was confused or confusing.
My point was that any sensor in a car needs to be producing provably trustworthy data. Or else the car’s main control system can be lured by untrustworthy data to do inappropriate things, from shutting down inappropriately, to releasing brakes inappropriately, to turning left where it thinks the exit road is, while it’s actually 500 yards back still on the bridge.
While the immediate safety problems are worse for a car, ultimately, cars and phones and every other sophisticated electronic device is subject to the same issues. And if the phone belongs to someone important, say a high-level politician, the real-world consequences to a successful hack could very well be worse than a single car veering off a cliff.
Granted completely. All our IT systems collectively are too interconnected and too important to smooth societal functioning for any of them to be rickety and insecure by design.
And yet one hell of a lot of IT infrastructure is just that. Whether we’re discussing components in mobile phones or the corporate IT hygiene practices at Home Depot, General Motors, or General Dynamics.
Someday we shall rue the haste and sloppiness with which we wired the world together.
Maybe just buy one of these and see if there is anything that will play on it? ($34.00 right now)
Five or six years ago I bought a “new” tote bag from Amazon that had clearly been returned, as it came with two unadvertised SanDisk thumb drives. I was super curious, and friendly with the IT guys where I was working, and one of them agreed to put the drives in a due-for-reimaging, air-gapped laptop. Turns out they contained some woman’s college coursework, a few personal files, and a bunch of music: I emailed her and offered to return the drives, but she never responded. After a month or so I reformatted them.
Recently, I bought a cute little dog-shaped thumb drive to keep my dog’s veterinary records on: it was cheap and arrived loose in a padded envelope, vs in any kind of packaging. I have a very old laptop with no personal files on it that I keep around, so I turned off the wifi and used it to reformat the seemingly-empty drive before putting it in my “real” computer. Just to be on the safe side. 
I imagine the danger there would be if the Chromebook were connected to any kind of network.