Fingerprints have been hacked. The BBC’s Zoe Kleinman reported that Jan Krissler, a member of the Chaos Computer Club (CCC), was able to replicate a politician’s fingerprint from several photos taken at a press event.
Weak passwords, PINs, and verification methods have often been the cause of some major security breaches, but it seems that putting all your faith in biometrics may be a dangerous alternative. The issue with biometrics is two-fold: it's already out there for the public to see, and it's difficult to revoke in the event of a hack. But given the choice, people often go for the more convenient option. For instance, two-step authentication (i.e. password plus randomly-generated code) is a great method to secure your accounts: hackers may be able to crack one, but not the other. Yet when surveyed back in 2013, 27 percent of people claimed they found it inconvenient. Still, taking the extra time to lock down your accounts may save you from a world of trouble.
Krissler spoke about his research at a convention for the CCC, a network that claims to be “Europe’s largest association” of hackers. He commented that “politicians will presumably wear gloves when talking in public” when they hear about his progress. Professor Alan Woodward, a cybersecurity expert from Surrey University, spoke to Kleinman about the issues concerning biometrics:
“Biometrics that rely on static information like face recognition or fingerprints–it’s not trivial to forge them but most people have accepted that they are not a great form of security because they can be faked.”
He added that there are companies beginning to enhance biometric security to be harder to crack:
“People are starting to look for things where the biometric is alive–vein recognition in fingers, gait [body motion] analysis–they are also biometrics but they are chosen because the person has to be in possession of them and exhibiting them in real life.”
For the present time, it may be best to avoid using biometrics to log in to your accounts. If you do use them, make sure to lock your accounts down with a second authentication method.
Read more at BBC