Biometric authentication has been attracting a lot of attention recently. Every day you see people deftly swiping their thumbs over their phones to unlock them using fingerprint recognition.
Iris scanning technology is being introduced to India’s national biometric ID system. It’s the largest such system in the world—with over a billion users—and is used to access services like banking and healthcare.
South Korea is trialing a facial recognition system in an attempt to improve security at government buildings. Apple has apparently purchased a facial recognition startup, leading to speculation that they may use the technology for authentication in the future.
People hate passwords and are notoriously lax with password-based security. Users see it as just something that gets in their way. Biometrics address many of the weaknesses of passwords:
So, biometric technology addresses the aspects of human behavior that tend to undermine security.
Given this, why is the Electronic Frontier Foundation (EFF) so keen on legislation that limits the use of biometric data?
Well, one fundamental problem with biometric security is that once compromised, it’s incredibly difficult (or impossible) to revoke it. Imagine you had a password—possibly a very strong one—assigned at birth and you had to use it until you died. You could never change it. That’s biometric security.
In fact, it may be worse than that as it’s difficult to protect your biometric data. You leak it constantly—every time your fingerprint-smeared glasses are cleared up at the bar, for example. A hacker was able to recreate the fingerprints of Germany’s defense minister from high-resolution photographs! The same hacker had previously demonstrated how to fool Apple’s iPhone fingerprint scanner using cheap, readily-available materials.
Face recognition technology fares no better—it has been fooled using photos from Facebook.
And these are just physical hacks. As this information is being used in a computer, at some point it will need to be digitised. If captured in this form, it could be injected back into a system at the appropriate point, bypassing the need to fool scanners.
We’ve seen how people’s lives can be turned upside down by mistaken identity—such as those who are erroneously flagged as being on no-fly lists. If biometric information starts being used to control access to things like government services, financial services and travel then having your biometric information compromised could have severe consequences.
And, even if you could convince those in charge of the system that a mistake had been made, how would it be rectified? Swap out your old irises for a new pair? Choose another set of fingerprints? A new face? I’ll have Clooney’s—will play havoc with his credit score, but, boy, will my life take an upturn.
Maybe the interest in biometrics will die down once we have chips implanted—like pets do. At least we could replace those. Ouch…but at least it’ll get you your life back.
Biometric technology is a quick fix, but, unless we are incredibly careful about how we use it, we are baking in serious problems downstream.