Story image

Fingerprint security & biometrics: Three major myths busted

08 May 2017

Fingerprints have long been viewed as the ultimate identifier, unique only to you and impossible to steal, which is why fingerprint readers have become integral to smartphone and mobile device security.

So, it seems, these gadgets must now be at their most secure. Well, not quite. We debunk three myths in this short feature to bring some clarity to the subject of fingerprint security.

Myth 1: Fingerprint security more secure than passwords

Contrary to what many people assume biometric readers are not foolproof. They have their own set of unique vulnerabilities, the technology can be exploited and fingerprints can be stolen (and even from photographs).

For example, in America, it is Homeland Security policy to collect fingerprints from non-US citizens between the ages of 14 and 79 as they enter the country. Meanwhile, the FBI keeps a file of an estimated 100 million prints, of which more than 30 million are “civil prints”, i.e. not linked to criminal activity.

These two cited examples equate to repositories of sensitive information, which will appeal to cybercriminals. If this information can be accessed, then, just like credit cards and pin numbers, it is entirely possible for them to be stolen and used maliciously.

Myth 2: You can’t copy a fingerprint

In 2013, Apple ushered in the era of the biometrical mainstream by announcing the addition of a fingerprint scanner to its iPhone 5s. It promised to keep your phone super protected while providing a Touch ID method of purchasing things from iTunes and the App Store – effectively removing the need for passwords (not totally, mind you).

But within two days of the new handset launching a German security researcher called Starburg used publicly available software called VeriFinger to recreate the fingerprints of Germany’s Minister of Defence using high-resolution photos – claiming the copy was good enough to trick fingerprint systems for biometric authentication.

More recently, in 2016, Biometrics firm Vkansee demonstrated that the “technology can be spoofed” – all you need is clay and some Play-Doh and you can capture enough fingerprint details to dupe a sensor into thinking it’s the real deal. However, the firm did state that the process is rather convoluted and unlikely to result in breaches of this ilk. Nevertheless, it does suggest that fingerprints can be copied.

Myth 3: Fingerprints will replace passwords in the future

Given that fingerprints can be stolen, copied and used to bypass today’s readers, it’s clear we have a long way to go before passwords are made obsolete. And even then, the likelihood is that passwords are going to be around for a long time.

What this highlights is there is no single solution to security, with many experts advising an approach that embraces multiple measures so that ultimately, there is more than one entry point into whatever it is you seek to protect.

In practice, this means a mix of fingerprints, passwords and additional security in the shape of two-factor authentication may be required, especially in instances where the information or assets – digital or physical – is of a particularly sensitive nature.

Article by Welivesecurity.

Cryptomining apps discovered on Microsoft’s app store
It is believed that the eight apps were likely developed by the same person or group.
WhatsApp users warned to change voicemail PINs
Attackers are allegedly gaining access to users’ WhatsApp accounts by using the default voicemail PIN to access voice authentication codes.
Swiss Post asks public to hack its e-voting system
Switzerland’s postal service Swiss Post is inviting keen-eyed security experts and white hats to hack its e-voting system.
Spoofs, forgeries, and impersonations plague inboxes
It pays to double check any email that lands in your inbox, because phishing attacks are so advanced that they can now literally originate from a genuine sender’s account – but those emails are far from genuine.
Flashpoint signs on emt Distribution as APAC partner
"Key use cases that we see greatly benefiting the region are bolstering cybersecurity, combating insider threats, confronting fraud, and addressing supply chain risk, to name a few."
The attack surface: 2019's biggest security threat
As businesses expand, so does their attack surface – and that may be the biggest cybersecurity risk of them all, according to Aon’s 2019 Cyber Security Risk Report.
Opinion: Cybersecurity as a service answer to urgent change
Alan Calder believes a CSaaS model can enable a company to build a cyber resilience strategy in a coherent and consistent manner.
Why SD-WAN is key for expanding businesses - SonicWall
One cost every organisation cannot compromise on is reliable and quick internet connection.