Flattr this
biometric

Biometric Security Fraud?



That our personal data is valuable and should be kept private is a mantra that we need to repeat, daily. No longer should anyone be in doubt with frequent reports of data breaches and hacked passwords. Thankfully, corporations and savvy individuals are constantly looking for alternate means of securing their data.

We crave certainty and convenience, smartphone manufacturers have tapped into our desires by incorporating fingerprint readers into their devices.


Is your fingerprint secure?

The Apple iPhone 5s was released in September 2013, it was one of the first smartphones to feature a fingerprint reader. Shortly after its official release The Chaos Computer Club successfully bypassed Apple's much lauded Touch ID fingerprint scanner. A fingerprint of the phone user, photographed from a glass surface, was enough to create a fake finger that could unlock an iPhone 5s secured with TouchID. 

In 2002, Tsutomu Matsumoto devised a technique to take a photograph of a latent fingerprint (e.g. from a glass) and recreate it using gelatin. The model was said to be good enough to fool biometric scanners 80% the time.
https://www.cryptome.org/gummy.htm

In 2008 Matt Lewis introduced the world to 'Biologger', the equivalent of a malware keystroke logger. Stole fingerprint scans processed on an infected scanner. Then gave a demonstration as to how the data can be used to gain access to supposedly ‘secure’ buildings.
In 2009 Lin Ring paid doctors in China $14,600 to change fingerprints so as to bypass the biometric sensors used in Japan’s airports. Lin had been deported previously. The surgeons swapped the fingerprints from her left and right hands. The ploy worked but was exposed when she attempted to marry a middle-aged Japanese man. Japanese police claim to have uncovered a thriving business in biometric surgery, Lin was the ninth person to have had the surgery.
http://www.huffingtonpost.com/2009/12/07/lin-rong-chinese-national_n_383082.html

The examples above are just a few of the techniques used to spoof fingerprint and should cast doubt on the narrative that biometric data is inherently more secure.


Possible solution?

Mian Wei claims to have perfected a technique to create a wearable finger prosthetic that can be used on fingerprint readers without revealing the user’s actual fingers or thumb. The Identity pad exploits the fact that fingerprint readers aren't yet smart enough to tell a real finger from a rubber prosthetic. Wei's contraption has been shown to work on both the iPhone 6S and a Nexus 5x running the latest versions of iOS and Android, respectively. 
http://www.csmonitor.com/World/Passcode/Security-culture/2016/0627/Fake-fingerprints-The-latest-tactic-for-protecting-privacy

In our quest to find that which is quick and easy we leave ourselves exposed to abuse. We should be wary of any device or product that promises 100% security. Anything man made can be undermined with sufficient time and dedication. The best method of keeping our most treasured data secure is always to use a multitude of security options - biometric data, allied with a complex password, physical key or thumb drive is safer than relying on any one of the aforementioned.



About Afritechnet

0 comments:

Post a Comment

Powered by Blogger.