<img height="1" width="1" src="https://www.facebook.com/tr?id=1046809342117480&amp;ev=PageView &amp;noscript=1">

VSEC Blog: IT Security Channel News brought to you by Infinigate UK

Share the Infinigate UK Blog on LinkedIn Share the Infinigate UK Blog on Twitter Share the Infinigate UK Blog on Facebook Share the Infinigate UK Blog on Google+ Share the Infinigate UK Blog via Email

3 Reasons why Biometrics are not Secure

Topics: Authentication, Biometric Access, Biometrics, Identity Access, Biometric Authentication

Posted: 04 October 2017

3 Reasons Biometric Authentication Aren't Secure Unsecure Access

Biometrics are definitely better than passwords when it comes to security, but they aren't fool-proof. Here are the three main reasons biometrics aren't secure.

The next time you log into your bank account to pay a bill, instead of entering your password, you might have to take a picture of your eye to gain access. Welcome to the world of biometric authentication, where your eyes, ears, and fingerprints are the access code to prove individual identity. Biometric technology will become commonplace sooner rather than later.

Bank of America recently started piloting a biometric system from Samsung that scans the iris to determine person identity. They’re not the only company using biometrics. Wells Fargo and British bank TSB are working on iris scanning for mobile banking as well.

Since Apple introduced biometric identification with the iPhone fingerprint sensor in 2013, businesses have been exploring the technology as a way to finally thwart fraud and remedy widespread cybersecurity problems. But are biometrics really that secure or are organizations opening up a can of worms that can cause more problems?

What Are Biometrics?

Biometric identification is a technology that identifies and authenticates individuals based on physical characteristics. A biometric identification system includes fingerprint identification, iris and retina, facial recognition, gait, or voice. The biometrics market is growing as the technology is being hailed as the new generation of defense for law enforcement against hackers. The biometric market is expected to be worth $32.7 billion by 2022. 

Consumer acceptance is helping drive growth. According to a poll by Veridium, 52 percent of consumers want biometrics to replace passwords, and 80 percent believe it’s more secure than passwords. About 40 percent are already using fingerprint reader technology.

Benefits of the technology include:

  • - It’s faster and more convenient for users (no need to remember passwords)
  • - Strong authentication since biological characteristics are distinct
  • - Eliminates friction associated with traditional security measures
  • - Biometric servers usually require less database memory

Despite the benefits, some flaws still must be addressed. Here are three major issues facing biometric security.

1. Biometrics aren’t private

Biometrics seem secure on the surface. After all, you’re the only one with your ears, eyes, and fingerprint. But that doesn’t necessarily make it more secure than passwords. A password is inherently private because you are the only one who knows it. Of course hackers can acquire it by brute force attacks or phishing, but generally, people can’t access it. On the other hand, biometrics are inherently public.

Think about it: your ears, eyes, and face are exposed. You reveal your eyes whenever you look at things. With fingerprint recognition you leave fingerprints everywhere you go. With voice recognition, someone is recording your voice. Essentially, there’s easy access to all these identifiers.

Related: 4 Important Factors Of Biometrics In Banking

Your image is stored in more places than you realize. Not only does Facebook recognize your face, but every store you visit records and saves your image in its database to identify you and analyze your buying habits. In fact, it’s legal in 48 states to use software to identify you using images taken without your consent for commercial purposes. And law enforcement agencies nationwide can store your image without consent.

The problem is identity management and security. Personal identifiable information (PII) needs to have access control in place to protect from identity theft. All it takes is for a hacker to breach any of those databases to leak and steal your biometric identification.

2. Biometrics are Hackable

Once a hacker has a picture of someone’s ear, eye, or finger, they can easily gain access to their accounts. While Apple’s TouchID was widely accepted as a biometric advancement, famous hacker Jan Krissler was able to beat the technology just a day after the iPhone was released. Likewise, researchers from the Chaos Computer Club created fake fingers to unlock iPhones.

Krissler showed how easy it is to steal a public figure’s identification when he recreated German Minister of Defense Ursula von der Leyen’s fingerprint. The hacker obtained high-resolution photos of the politician’s thumb from press conferences and reconstructed the thumbprint using VeriFinger software.

If you think an eye scan may be more secure, think again. Hackers fooled the Samsung S8 iris recognition system by placing a contact lens over a photo of a user’s eye. And it wasn’t a high-priced hack either. The S8 phone was the most expensive purchase of the hack project.

3. Biometrics Hacks may have Greater Consequences

Since a biometric reveals part of a user’s identity, if stolen, it can be used to falsify legal documents, passports, or criminal records, which can do more damage than a stolen credit card number.

The Office of Personnel Management breach in 2015 compromised 5.6 million people’s fingerprints. And unlike passwords, credit cards, or other records, you can’t replace physical identifiers. If someone has photos of your iris, you can’t get another eye.

Biometric companies are aware of these flaws in the technology and should aim to improve identification. There are some ways to deter inherent downfalls of biometrics like requiring more than one fingerprint scan to improve accuracy. Bank of America said its iris scan will be a part of multi-factor authentication instead of the sole way to access accounts.

Biometrics may be the security measure of the future, but it isn’t time to discard your passwords yet. Biometrics provide another level of security, but it’s not foolproof.

(This blog post originally appeared on Defrag This by Ipswitch)

New Call-to-action

Kevin Howell Freelance Writer & Content Strategist Specializing in Tech, Cybersecurity, HR Tech
Posted by: Kevin Howell
Freelance Writer & Content Strategist Specializing in Tech, Cybersecurity, HR Tech
Share via:

Subscribe to VSEC Blog Updates

Terms and Conditions:
  • When completing this form, you are indicating your consent for this processing activity. By doing this you are providing Infinigate UK with lawful consent to process your submitted personal data for one or both of the marketing purposes below:
    • We will use your details to send you blog updates.
    • We will match your answers to areas of interest which believe you have and may send you additional marketing materials related to those areas.
  • We will keep your personal data for nine months, upon which we will delete your personal data unless you have consented to further processing or we have legitimate interests to retain it. You are free to withdraw your consent at any time by contacting our marketing department or using one of our unsubscribe links in our communications.
  • In some cases where you indicate consent for supplying you with additional promotional marketing material, we will share your personal data with one of our reseller partners, should your areas of interest match a solution or service they provide. We instruct all our reseller partners to communicate this data transfer with data subject affected.
  • Your personal data is stored in a marketing automation solution database, access to this is limited to authorised users and all necessary steps to ensure data security is maintained.

For further information about this form, your rights under the General Data Protection Regulation or how to exercise them, please contact Infinigate's marketing department here.

Popular Posts