Biometrics are a hot item for mobile device users today because they provide added convenience and security. However, they are not foolproof and come with significant data and privacy risks if compromised.
Better Than Passwords?
Strong passwords can go a long way towards preventing thieves from getting into your devices, but biometrics may be better. This includes not just fingerprint recognition, but also eyes, ears, and voice. Fingerprint scanners are commonplace today on smart devices, but the technology that scans other body parts are arriving very soon. These can work in tandem to prove individual identity without having to enter a password.
What Are Biometrics?
Biometric identification is a technology that uses physical characteristics to authenticate individuals. These include facial recognition, fingerprint identification, voice, iris, or body gait. The most common for internet-connected devices are fingerprint and voice, but others are coming soon. Biometric identification is a technology that is prime for preventing hacker attacks.
For more information, read out post What Is Biometric Security here.
Benefits of Biometrics
The benefits of biometric technologies include:
- Strong authentication
- Speed and convenience for users
- Database demands are less
Biometrics Are Convenient
In the last few years, we’ve seen biometric authentication implemented across consumer applications and products primarily for convenience. Consumers can now do everything from unlocking their phones, paying for a new pair of shoes or accessing their bank accounts with just a tap of their finger.
Biometrics have caught on for consumers because of their added convenience. With the biometric market anticipated to grow 10.3 percent year-over-year from 2018 to 2023, it’s clear that we are moving towards a biometric-centric password future.
Companies Are Adopting Biometrics Quickly
Businesses began to test and implement biometrics on a large scale since Apple included an iPhone fingerprint sensor in 2013. This has proven effective enough at stopping cybersecurity threats that other companies took notice.
Major banks around the world are now using the latest in biometric technology to ensure their customers are protected from intruders. This includes iris scanning, which is being implemented in pilot programs by banks such as Bank of America and Wells Fargo.
What Are The Risks of Biometric Identification?
Biometric identification is spreading throughout the world very quickly in many different sectors and industries. These include healthcare, gambling, corporate networks, banks, home, and auto security. Fingerprint scanning technology continues to improve, and can now even recognize a user’s pulse. However, regardless of how fast biometrics advance, hackers may continue to find ways of circumventing them.
Problems With Biometrics
#1: Biometrics Lack Privacy
Passwords can be kept secret if only you know them and they are stored in a safe location. However, biometrics are easily found because they are public by nature. All body characteristics that are used in biometrics are exposed to the public wherever the person goes. Fingerprints are left on anything a person touches, and eyes are given away wherever the person looks. A person’s voice can also be recorded easily using a smartphone by a bystander.
A user’s image is stored more often than they realize. Law enforcement, stores, and social media networks all can use your image without your consent. And this is almost entirely legal across the United States. If hackers breach any of these databases, they can steal a person’s biometric identification.
#2: Biometrics Can Be Hacked
It is fairly easy for a sophisticated thief to get a hold of a person’s biometric markers. There are hacker groups that have created fake fingerprints through high-resolution images. Even Apple’s TouchID was quickly cracked by a hacker under 48 hours after the iPhone’s release. Eye scans are also not secure from hackers.
In Fact, Biometrics Are Frequently Hacked.
Major tech companies have biometric technologies that are frequently hacked. These even include top cutting-edge device makers, such as Apple and Samsung. For example, a simple high-resolution image of a person’s finger can result in it being recreated by thieves using special software. This happened to the German Minister of Defense, Ursula von der Leyen in 2014 from images of her ungloved hands.
Also, company-wide hacks can release the fingerprints, facial recognition images, and passwords of millions of people to hackers, especially if they are from banks or government institutions.
#3: Biometrics Hacks Can Cause Great Damage
Biometric details can be used to break a wide range of security boundaries. These include passports and legal documents. There is also no way for a user to simply reset their biometric marker like they would when getting a new password. If a fingerprint or facial image is stolen, the user cannot be given a new one. Passwords can be changed, but biometric markers are basically fixed for an individual’s life.
There are ways security companies can enhance biometrics. Adding a requirement for multiple fingerprints and using multi-factor authentication can help stop cyber thieves. Passwords, however, will likely be a required part of security measures for the foreseeable future.
Are Biometrics Actually More Secure?
Biometrics may make the problem of authentication theft and fraud worse.
Criminals can use biometrics to work around a password requirement. If a thief can get a hold of a user’s biometric marker, the password may not limit them from stealing whatever data is on the device. Users may like the convenience of bypassing a password with a fingerprint, but security risks work both ways.
Biometric Convenience Issues
Users may become so reliant on biometrics that they forget their passwords, which are still required to unlock a new device. If this happens, they have to go through the process of regaining their password from the device maker.
Apps that have biometric breaks or are reinstalled also require entering passwords. In most smartphones, there is an operating system security measure that requires a password to restore a link to the app once it is broken.
Biometrics Are The Future of Authentication
Even though fingerprint biometrics make passwords unnecessary in many situations, passwords will continue to be required by online apps and devices in the near future. Cyber thieves can still phish for passwords even if the user selects only fingerprint scanning because they are stored in the device’s background. So, companies will need to add other biometric and security measures to minimize the need for passwords going forward.
How Smartphones Store Fingerprints
Fingerprint biometrics are inherently much more powerful than passwords in their ability to be used in criminal endeavors. However, there are risks in the way they are stored and collected.
When a smartphone scans a user’s fingerprint, it stores it as a mathematical impression in its memory. On further attempts to scan their finger, the phone will compare the two impressions and only unlocks when they are identical.
Storing Biometrics on Remote Servers Creates Risk
If companies that are not in the smartphone business incorporate biometrics into their products and services, they may choose to store them on remote servers. If this happens, they may be inadvertently creating a cornucopia for hackers to steal from. Keeping fingerprint data stored securely on a single device with strong encryption means hackers are much less likely to recreate it and imitate a user’s identity.
Government agencies that keep biometrics for background checks are particularly at risk of hacks. For example, in 2015 the U.S. Office of Personnel Management was hacked and millions of employee fingerprint scans in the form of actual images were stolen. Fortunately, it is less likely that companies keep single depositories for biometric data.
Companies Are Working To Solve Biometric Issues
As companies continue to roll out biometrics, both users and hackers are providing useful feedback. Since 2013, The FIDO Alliance, which is made up of over 250 companies that use these technologies, are working together to keep biometrics advancing and make passwords less required. They are continuously developing standards that companies from all industries can use for inter-operability among authentication devices. In time, companies will become better equipped to deal with biometrics related problems.
Biometrics Have Societal Implications
A society that relies on biometrics such as fingerprints to identify its citizens greatly increases the chance of criminals impersonating them. This re-iterates the point that fingerprints cannot be changed, unlike Social Security numbers or login passwords. Facial recognition could also be used to track people without their knowledge. False positives of captured fingerprints can also cause server problems for innocent people who are are not the identified person. These are serious social issues that need to be addressed. However, many national and state governments may be moving too slowly to develop laws regarding the privacy of an individual’s biometrics.
As biometrics grow in usage around the world and in many industries, users will benefit from their added convenience and security. However, the risks that hackers and cybercriminals can steal them and take valuable data will remain. Companies and governments are part of an ongoing process of keeping consumers protected from the threat of biometric hackers. Yet it is still up to the users of this technology to remain aware of the privacy risks involved and take precautions.